Difference between revisions of "SANS 560 Notes"

From SkullSecurity
Line 25: Line 25:


== Public/Free methodologies ==
== Public/Free methodologies ==
* Open Source Security Testing Methodology Manual( [http://www.isecom.org/osstmm/] )
* Open Source Security Testing Methodology Manual [http://www.isecom.org/osstmm/]
** Focus on Transparancy, business value
** Broad descriptions of categories
** Numerous templates
*NIST [http://www.nist.gov/]
** Processes
** Roles
** Tools
** High-level
*OWASP [http://www.owasp.org/index.php/Main_Page]
** Web app testing
** compares impact: likelihood
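Review bot: "Transparancy" in the new sub-bullet under the OSSTMM entry is misspelled and should read "Transparency". The "*NIST" and "*OWASP" lines also omit the space after the asterisk that the "* Open Source Security Testing Methodology Manual" line uses; adding it would keep the list markup consistent. The OWASP sub-bullet "compares impact: likelihood" does not say how the two are related, so spelling that out would make the note easier to use later.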

Revision as of 16:44, 30 July 2008

560.1 SANS 560: Network Penetration and Ethical Hacking

Definitions

  • Threat: Agent that can cause harm
  • Vulnerability: A flaw that can be exploited
  • Risk: Overlap of vulnerability and threat
  • Exploit: Code/technique used by a threat on a vulnerability
  • Active attack: Manipulates target
  • Passive attack: Does not manipulate target
  • Ethical hacking: Using attack techniques to find flaws with permission, to improve security (aka white hat hacker)
  • Penetration testing: An attempt to gain entry to a network
  • Security Assessments/Vulnerability Assessment: Finding vulnerabilities
  • Security Audit: Comparing findings against a set of standards
  • Phases of an attack
    • Recon
    • Scanning
    • Exploitation
  • Pentesting limitations:
    • Scope
    • Time
    • Methods
  • Pentester limitations:
    • Scope
    • Time
    • Methods

Public/Free methodologies

  • Open Source Security Testing Methodology Manual [1]
    • Focus on transparency, business value
    • Broad descriptions of categories
    • Numerous templates
  • NIST [2]
    • Processes
    • Roles
    • Tools
    • High-level
  • OWASP [3]
    • Web app testing
    • compares impact: likelihood