Security Analysis and Penetration Testing (SF)

A rigorous Pen Testing program that, unlike contemporary Pen Testing courses, teaches you how to perform an effective penetration test across filtered networks.

Course Date

22-26 January 2024

Course Fee (with 9% GST)

Full Course Fees: $3,324.50

Self-Sponsored
SG Citizen/PR aged ≥ 21 years: $997.35
SG Citizen aged ≥ 40 years: $387.35

Co-Sponsored (SME)
SG Citizen/PR aged ≥ 21 years: $387.35
SG Citizen aged ≥ 40 years: $387.35

Co-Sponsored (MNC)
SG Citizen/PR aged ≥ 21 years: $997.35
SG Citizen aged ≥ 40 years: $387.35

Overview

Course reference number: TGS-2018500733

A rigorous Pen Testing program that, unlike contemporary Pen Testing courses, teaches you how to perform an effective penetration test across filtered networks. The course requires you to pen test IoT and OT systems, and builds on your ability to write your own exploits, build your own tools, conduct advanced binary exploitation, double pivot to access hidden networks, and work across various technologies.

Prerequisites

Participants are recommended to attend the CEH course before enrolling in this course.

Important Notes

All Trainees must take note of the following:
  1. Must attend at least 75% of the course before being eligible to take the assessments.
  2. Dynamic QR Code Attendance Taking:
    a. Scan the QR Code displayed by the Trainer in each session. Use your SingPass App to scan and submit your attendance. If you fail to do so, you will be deemed absent from that session.
    b. The QR Code is only accessible during:
    • Morning Session: between 9.00 am and 1.00 pm.
    • Afternoon Session: between 2.00 pm and 6.00 pm.
    c. Please take the attendance one at a time as the system can only register you one by one.
  3. Sign daily on the Attendance Sheet as a backup if any technical glitch happens.
  4. Submit Course Evaluation by the end of each module to help us improve the course and your future learning experience with us.
The completion requirements for this course are as follows:
  1. Attended at least 75% of the course.
  2. Declared as competent during the assessments.

Who Should Attend?

This course is highly recommended for ethical hackers, penetration testers, network server administrators, firewall administrators, security testers, system administrators, and risk assessment professionals.

Course Outline

  • Computer Network Fundamentals
  • TCP/IP Protocol Suite
  • IP Addressing and Port Numbers
  • Network Terminology
  • Network Security Controls
  • Network Security Devices
  • Network File System (NFS)
  • Windows Security
  • Unix/Linux Security
  • Virtualization
  • Web Server
  • Web Application
  • Web Markup and Programming Languages
  • Application Development Frameworks and their Vulnerabilities
  • Web APIs
  • Web Sub Components
  • Web Application Security Mechanisms
  • Working of Most Common Information Security Attacks
  • Information Security Standards, Laws and Acts
  • What is Penetration Testing?
  • Benefits of Conducting a Penetration Test
  • ROI for Penetration Testing
  • How Penetration Testing Differs from Ethical Hacking?
  • Comparing Security Audit, Vulnerability Assessment and Penetration Testing
  • Types of Penetration Testing
  • Penetration Testing: Cost and Comprehensiveness
  • Selecting an Appropriate Testing Type
  • Different Ways of Penetration Testing
  • Selecting the Appropriate Way of Penetration Testing
  • Common Areas of Penetration Testing
  • Penetration Testing Phases
  • Penetration Testing Methodologies
  • Need for a Methodology
  • LPT Penetration Testing Methodology
  • Penetration Testing Essentials
  • Penetration Testing: Pre-engagement Activities
  • Pre-engagement Activities
  • Request for Proposal (RFP)
  • Preparing Response Requirements for Proposal Submission
  • Setting the Rules of Engagement (ROE)
  • Establishing communication lines: Identify the Details of the Key Contact
  • Timeline
  • Time/Location
  • Frequency of meetings
  • Time of Day
  • Identify who can help you?
  • ROE Document
  • Handling Legal Issues in Penetration Testing Engagement
  • Penetration Testing Contract
  • Preparing for Test
  • Handling Scope Creep During Pen Test
  • OSINT Gathering Steps
  • OSINT Through World Wide Web (WWW)
  • OSINT through Website Analysis
  • OSINT Through DNS Interrogation
  • Automating your OSINT Effort Using Tools/Frameworks/Scripts
  • Social Engineering Penetration Testing
  • Skills Required to Perform Social Engineering Pen Test
  • Common Targets of Social Engineering Pen Test
  • Do Remember: Before Social Engineering Pen Test
  • Black Box or White Box?
  • Social Engineering Penetration Testing Steps
  • Social Engineering Penetration Testing using Email Attack Vector
  • Social Engineering Penetration testing using Telephone Attack Vector
  • Social Engineering Penetration testing using Physical Attack Vector
  • Network Penetration Testing
  • External vs. Internal Penetration Testing
  • External Network Penetration Testing
  • Internal Network Penetration Testing
  • Network Penetration Testing Process
  • White, Black or Grey-box Network Penetration Testing?
  • External Network Penetration Testing Steps
  • Port Scanning
  • OS and Service Fingerprinting
  • Vulnerability Research
  • Exploit Verification
  • Internal Network Penetration Testing
  • Why Internal Network Penetration Testing?
  • Internal Network Penetration Testing Steps
  • Footprinting
  • Network Scanning
  • OS and Service Fingerprinting
  • Enumeration
  • Vulnerability Assessment
  • Windows Exploitation
  • Unix/Linux Exploitation
  • Other Internal Network Exploitation Techniques
  • Automating Internal Network Penetration Test Effort
  • Post Exploitation
  • Steps for Firewall Penetration Testing
  • Steps for IDS Penetration Testing
  • Steps for Router Penetration Testing
  • Steps for Switch Penetration Testing
  • Assessing Firewall Security Implementation
  • Assessing IDS Security Implementation
  • Assessing Security of Routers
  • Assessing Security of Switches
  • White Box or Black Box?
  • Web Application Penetration Testing
  • Web Application Security Frame
  • Security Frame vs. Vulnerabilities vs. Attacks
  • Web Application Penetration Testing Steps
  • Discover Web Application Default Content
  • Discover Web Application Hidden Content
  • Conduct Web Vulnerability Scanning
  • Identify the Attack Surface Area
  • Tests for SQL Injection Vulnerabilities
  • Tests for XSS Vulnerabilities
  • Tests for Parameter Tampering
  • Tests for Weak Cryptography Vulnerabilities
  • Tests for Security Misconfiguration Vulnerabilities
  • Test for Client-Side Scripting Attack
  • Tests for Broken Authentication and Authorization Mechanism
  • Tests for Broken Session Management Vulnerabilities
  • Test for Web Services Security
  • Tests for Business Logic Flaws
  • Tests for Web Server Vulnerabilities
  • Tests for Thick Clients Vulnerabilities
  • Database Penetration Testing Steps
  • Information Reconnaissance
  • Database Enumeration: Oracle
  • Database Enumeration: MS SQL Server
  • Database Enumeration: MySQL
  • Vulnerability and Exploit Research
  • Database Exploitation: Oracle
  • Database Exploitation: MS SQL Server
  • Database Exploitation: MySQL
  • Wireless Penetration Testing
  • WLAN Penetration Testing Steps
  • RFID Penetration Testing Steps
  • NFC Penetration Testing Steps
  • Mobile Device Penetration Testing Steps
  • IoT Penetration Testing Steps
  • Wireless Local Area Network (WLAN) Penetration Testing
  • RFID Penetration Testing
  • NFC Penetration Testing
  • Mobile Device Penetration Testing
  • IoT Penetration Testing
  • Distribution of Public Cloud Services: AWS, Azure and Google Cloud Are on Top Among Others
  • Cloud Computing Security and Concerns
  • Security Risks Involved in Cloud Computing
  • Role of Penetration Testing in Cloud Computing
  • Do Remember: Cloud Penetration Testing
  • Scope of Cloud Pen Testing
  • Cloud Penetration Limitations
  • Cloud Specific Penetration Testing
  • Cloud Reconnaissance
  • Identify the Type of Cloud to be tested
  • Identify What Is to Be Tested in Cloud Environment
  • Identify the Tools for Penetration Test
  • Identify What Is Allowed to Be Tested in Cloud Environment
  • Identify Which Tests are Prohibited
  • AWS’s Provision for Penetration Testing
  • Azure’s Provision for Penetration Testing
  • Google Cloud’s Provision for Penetration Testing
  • Identify Date and Time for Penetration Test
  • Cloud Specific Penetration Testing
  • Recommendations for Cloud Testing
  • Penetration Testing Deliverables
  • Goal of the Penetration Testing Report
  • Types of Pen Test Reports
  • Characteristics of a Good Pen Testing Report
  • Writing the Final Report
  • Document Properties/Version History
  • Table of Contents/Final Report
  • Summary of Execution
  • Scope of the Project
  • Evaluation Purpose/System Description
  • Assumptions/Timeline
  • Summary of Evaluation, Findings and Recommendations
  • Methodologies
  • Planning
  • Exploitation
  • Reporting
  • Comprehensive Technical Report
  • Result Analysis
  • Recommendations
  • Appendices
  • Sample Appendix
  • Penetration Testing Report Analysis
  • Report on Penetration Testing
  • Pen Test Team Meeting
  • Research Analysis
  • Pen Test Findings
  • Rating Findings
  • Analyze
  • Prioritize Recommendations
  • Delivery Penetration Testing Report
  • Cleanup and Restoration
  • Report Retention
  • Sign-off Document Template
  • Post-Testing Actions for Organizations
