Duration:
1 day
Audience:
Project managers, developers, security programme managers

This training clarifies the definition of a penetration test (or pentest). A penetration test is a security risk assessment that is important for identifying existing vulnerabilities.

Yet penetration tests are not a silver-bullet solution. A strong understanding of the different types of pentest will allow you to optimise the return on investment and avoid an insecure environment.

Note that there is no “hacking” or programming involved.

Objectives:

  • Understand the different “flavours” of a penetration test, or security assessment
  • Know when to perform a penetration test
  • Express the security requirements for a penetration test
  • Manage a penetration test and its risks on the operational environment
  • Understand the results of a penetration test
  • Integrate the results of a penetration test into your security

 

Programme:

  • What is a pentest?
  • The different types of pentests
    • Application, mobile, network, hardware, social engineering, source code review, physical
    • The difference between “red team” and penetration test
  • Deciding on a pentest
    • When to do a pentest
    • When NOT to do a pentest
    • White box vs Black box
    • In production vs Test environment
    • Third-party provider vs internal team
  • Managing a pentest
    • Defining the requirements
    • Setting up the environment
    • Ensuring a successful test
    • Integrate the results of a penetration test
  • Next steps
    • How to gain benefits from multiple pentests
    • What to do beyond a security assessment

 

To receive a quote or to register, please contact us.