Security Analysis and Penetration Testing (SF)
Course Code:
TGS-2018500733
Duration:
5 Days
Delivery Mode:
Instructor-led Training (ILT)
Start Date:
Contact Us
End Date:
Contact Us
Fees:
$3,324.50

(Before Funding)

A rigorous pen testing program that, unlike contemporary pen testing courses, teaches you how to perform effective penetration tests across filtered networks. The EC-Council course requires you to pen test IoT systems and OT systems, build your own exploits and tools, conduct advanced binary exploitation, double pivot to access hidden networks, and work with various technologies.

Course Outline

Lesson 1: Penetration Testing Essential Concepts

  • Computer Network Fundamentals
  • TCP/IP Protocol Suite IP Addressing and Port Numbers
  • Network Terminology
  • Network Security Controls
  • Network Security Devices
  • Network File System (NFS)
  • Windows Security
  • Unix/Linux Security
  • Virtualization
  • Web Servers
  • Web Applications
  • Web Markup and Programming Languages
  • Application Development Frameworks and Their Vulnerabilities
  • Web APIs
  • Web Subcomponents
  • Web Application Security Mechanisms
  • Common Information Security Attacks
  • Information Security Standards, Laws, and Acts
Lesson 2: Introduction to Penetration Testing and Methodologies

  • What Is Penetration Testing?
  • Benefits of Conducting a Penetration Test
  • ROI of Penetration Testing
  • How Penetration Testing Differs from Ethical Hacking
  • Comparing Security Audits, Vulnerability Assessments, and Penetration Testing
  • Types of Penetration Testing
  • Penetration Testing: Cost and Comprehensiveness
  • Selecting an Appropriate Testing Type
  • Different Methods of Penetration Testing
  • Selecting the Appropriate Method of Penetration Testing
  • Common Areas of Penetration Testing
  • Penetration Testing Phases
  • Penetration Testing Methodologies
  • Need for a Methodology
  • LPT Penetration Testing Methodology
  • Penetration Testing Essentials
Lesson 3: Penetration Testing Scoping and Engagement Methodology

  • Penetration Testing: Pre-engagement Activities
  • Pre-engagement Activities
  • Request for Proposal (RFP)
  • Preparing Response Requirements for Proposal Submission
  • Setting the Rules of Engagement (ROE)
  • Establishing Communication Lines: Identifying Key Contacts
  • Timeline
  • Time/Location
  • Frequency of Meetings
  • Time of Day
  • Identifying Who Can Help You
  • ROE Document
  • Handling Legal Issues in Penetration Testing Engagement
  • Penetration Testing Contract
  • Preparing for the Test
  • Handling Scope Creep During Penetration Testing
Lesson 4: Open-Source Intelligence (OSINT) Methodology

  • OSINT Gathering Steps
  • OSINT Through the World Wide Web (WWW)
  • OSINT Through Website Analysis
  • OSINT Through DNS Interrogation
  • Automating OSINT Efforts Using Tools, Frameworks, and Scripts
Lesson 5: Social Engineering Penetration Testing Methodology

  • Social Engineering Penetration Testing
  • Skills Required to Perform Social Engineering Pen Tests
  • Common Targets of Social Engineering Pen Tests
  • Do Remember: Before Conducting a Social Engineering Pen Test
  • Black Box or White Box?
  • Social Engineering Penetration Testing Steps
  • Social Engineering Penetration Testing Using Email Attack Vectors
  • Social Engineering Penetration Testing Using Telephone Attack Vectors
  • Social Engineering Penetration Testing Using Physical Attack Vectors
Lesson 6: Network Penetration Testing Methodology – External

  • Network Penetration Testing
  • External vs. Internal Penetration Testing
  • External Network Penetration Testing
  • Internal Network Penetration Testing
  • Network Penetration Testing Process
  • White, Black or Grey-box Network Penetration Testing?
  • External Network Penetration Testing Steps
  • Port Scanning
  • OS and Service Fingerprinting
  • Vulnerability Research
  • Exploit Verification
Lesson 7: Network Penetration Testing Methodology – Internal

  • Internal Network Penetration Testing
  • Why Conduct Internal Network Penetration Testing?
  • Internal Network Penetration Testing Steps
  • Footprinting
  • Network Scanning
  • OS and Service Fingerprinting
  • Enumeration
  • Vulnerability Assessment
  • Windows Exploitation
  • Unix/Linux Exploitation
  • Other Internal Network Exploitation Techniques
  • Automating Internal Network Penetration Test Efforts
  • Post-Exploitation
Lesson 8: Network Penetration Testing Methodology – Perimeter Devices

  • Steps for Firewall Penetration Testing
  • Steps for IDS Penetration Testing
  • Steps for Router Penetration Testing
  • Steps for Switch Penetration Testing
  • Assessing Firewall Security Implementation
  • Assessing IDS Security Implementation
  • Assessing Router Security
  • Assessing Switch Security
Lesson 9: Web Application Penetration Methodology

  • White Box or Black Box?
  • Web Application Penetration Testing
  • Web Application Security Framework
  • Security Framework vs. Vulnerabilities vs. Attacks
  • Web Application Penetration Testing Steps
  • Discover Web Application Default Content
  • Discover Web Application Hidden Content
  • Conduct Web Vulnerability Scanning
  • Identify the Attack Surface Area
  • Tests for SQL Injection Vulnerabilities
  • Tests for XSS Vulnerabilities
  • Tests for Parameter Tampering
  • Tests for Weak Cryptography
  • Tests for Security Misconfiguration
  • Tests for Client-Side Scripting Attacks
  • Tests for Broken Authentication and Authorization Mechanisms
  • Tests for Broken Session Management Vulnerabilities
  • Tests for Web Services Security
  • Tests for Business Logic Flaws
  • Tests for Web Server Vulnerabilities
  • Tests for Thick Client Vulnerabilities
Lesson 10: Database Penetration Testing Methodology

  • Database Penetration Testing Steps
  • Information Reconnaissance
  • Database Enumeration: Oracle
  • Database Enumeration: MS SQL Server
  • Database Enumeration: MySQL
  • Vulnerability and Exploit Research
  • Database Exploitation: Oracle
  • Database Exploitation: MS SQL Server
  • Database Exploitation: MySQL
Lesson 11: Wireless Penetration Testing Methodology

  • Wireless Penetration Testing
  • WLAN Penetration Testing Steps
  • RFID Penetration Testing Steps
  • NFC Penetration Testing Steps
  • Mobile Device Penetration Testing Steps
  • IoT Penetration Testing Steps
  • Wireless Local Area Network (WLAN) Penetration Testing
  • RFID Penetration Testing
  • NFC Penetration Testing
  • Mobile Device Penetration Testing
  • IoT Penetration Testing
Lesson 12: Cloud Penetration Testing Methodology

  • Distribution of Public Cloud Services: AWS, Azure, Google Clouds Are on TOP among others
  • Cloud Computing Security and Concerns
  • Security Risks Involved in Cloud Computing
  • Role of Penetration Testing in Cloud Computing
  • Do Remember: Cloud Penetration Testing
  • Scope of Cloud Pen Testing
  • Cloud Penetration Limitations
  • Cloud Specific Penetration Testing
  • Cloud Reconnaissance
  • Identify the Type of Cloud to be tested
  • Identify What to be Tested in Cloud Environment
  • Identify the Tools for Penetration Test
  • Identify What Allowed to be Tested in Cloud Environment
  • Identify Which Tests are Prohibited
  • AWS’s Provision for Penetration Testing
  • Azure’s Provision for Penetration Testing
  • Google Cloud’s Provision for Penetration Testing
  • Identify Date and Time for Penetration Test
  • Cloud Specific Penetration Testing
  • Recommendations for Cloud Testing
Lesson 13: Report Writing and Post Testing Actions

  • Penetration Testing Deliverables
  • Goal of the Penetration Testing Report
  • Types of Pen Test Reports
  • Characteristics of a Good Pen Testing Report
  • Writing the Final Report
  • Document Properties/Version History
  • Table of Contents/Final Report
  • Summary of Execution
  • Scope of the Project
  • Evaluation Purpose/System Description
  • Assumptions/Timeline
  • Summary of Evaluation, Findings and Recommendations
  • Methodologies
  • Planning
  • Exploitation
  • Reporting
  • Comprehensive Technical Report
  • Result Analysis
  • Recommendations
  • Appendices
  • Sample Appendix
  • Penetration Testing Report Analysis
  • Report on Penetration Testing
  • Pen Test Team Meeting
  • Research Analysis
  • Pen Test Team Meeting
  • Research Analysis
  • Pen Test Findings
  • Rating Findings
  • Analyze
  • Prioritize Recommendations
  • Delivery Penetration Testing Report
  • Cleanup and Restoration
  • Report Retention
  • Sign-off Document Template
  • Post-Testing Actions for Organizations

Course Fee (inclusive of 9% GST)

Criteria Individual Company Sponsored (Non-SME) Company Sponsored (SME)
Full Course Fee
$3,324.50
SG Citizens aged 21 – 39 years old / PRs aged 21 years old and above
$997.35
$997.35
$387.35
SG Citizens age 40 years old and above
$387.35
$387.35
$387.35
Course Prerequisite
Participants are recommended to attend CEH course before enrolling for this course.
Important Notes
All Trainees must take note of the following:
  1. Must attend at least 75% of the course before being eligible to take the assessments.
  2. Dynamic QR Code Attendance Taking:a. Scan the QR Code that will be displayed by the Trainer on each session. Use your SingPass App to scan and submit your attendance. If you fail to do so, you will be deemed absent from that session.b. The QR Code is only accessible on:• Morning Session: between 9.00 am to 1.00 pm.• Afternoon Session: between 2.00 pm to 6.00 pm. c. Please take the attendance one at a time as the system can only register you one by one.
  3. Sign daily on the Attendance Sheet as a backup if any technical glitch happens.
  4. Submit Course Evaluation by the end of each module to help us improve the course and your future learning experience with us.
The course completion requirements for this course as follow:
  1. Attended at least 75% of the course.
  2. Declared as competent during the assessments.
Who Should Attend?
This course is highly recommended for ethical hackers, penetration testers, network server administrators, firewall administrators, security testers, system administrators, and risk assessment professionals.

Why ITEL?

  • Diverse Range of IT Courses

    We offer a diverse range of IT courses tailored to student needs. Our curriculum covers foundational to advanced topics, ensuring comprehensive learning. We stay updated with industry trends to deliver relevant courses.

  • Skilled & Experienced Instructors

    We are proud to have a team of highly skilled and experienced instructors. Our instructors are industry professionals with in-depth knowledge and expertise across various IT domains.

  • Practical & Hands-on Exercises

    Our courses feature hands-on exercises, projects, and simulations to build practical skills. Students gain confidence by applying knowledge to real-world scenarios.

Course Enquiry for Security Analysis and Penetration Testing (SF)

"*" indicates required fields

I want to find out more about:
Where did you hear of ITEL?*
*Note: If you chose Others, kindly provide more information in the Remarks/Comments/Questions box.
Consent*
Newsletter Subscription
This field is for validation purposes and should be left unchanged.