Difference between revisions of "SANS 560 Notes"
Jump to navigation
Jump to search
Line 25: | Line 25: | ||
== Public/Free methodologies == | == Public/Free methodologies == | ||
* Open Source Security Testing Methodology Manual | * Open Source Security Testing Methodology Manual [http://www.isecom.org/osstmm/] | ||
** Focus on Transparancy, business value | |||
** Broad descriptions of categories | |||
** Numerous templates | |||
*NIST [http://www.nist.gov/] | |||
** Processes | |||
** Roles | |||
** Tools | |||
** High-level | |||
*OWASP [http://www.owasp.org/index.php/Main_Page] | |||
** Web app testing | |||
** compares impact: likelihood |
Revision as of 16:44, 30 July 2008
560.1 Sans 560: Network Penetration and Ethical Hacking
Definitions
- Threat: Agent That can Cause harm
- Vulnerability: A flaw that can be exploited
- Risk: Overlap of Vulnerability and threat
- Exploit: Code/Technique used by a threat on a vulnerability
- Active attack: manipulates target
- Passive Attack: Does not manipulate target
- Ethical Hacking: Using attack techniques to find flaws with permission, to improve security ( aka white hat hacker )
- Penetration testing: An attempt to gain entry to a network
- Security Assessments/Vulnerability Assessment: Finding vulnerabilities
- Security Audit: Comparing findings against a set of standards
- Phases of an attack
- Recon
- Scanning
- Exploitation
- Pentesting limitations:
- Scope
- Time
- Methods
- Pentester limitations:
- scope
- time
- methods