Design a pen test
Your task Using one or more of the methodologies discussed earlier, design a penetration testing project of the target network and systems, by planning all steps in the project. Use …
Course: Ethical Hacking: An Introduction
Information security
What does it actually mean to be ‘secure’? Most people would think that security means protecting against unauthorised access but there’s actually a lot more to it. Often when we …
Challenges of the future
Digital systems are being introduced in almost every part of our lives. In our homes, our businesses, national infrastructures and so on. Every new environment provides its own security challenges …
Setting up your network
Earlier this week, you should have downloaded the virtual machines (VMs) required for the following practical exercise. Please refer back to the step ‘setting up a virtual lab’ if you …
What is the OWASP Testing Guide?
The OWASP Testing Guide is being developed as part of the OWASP Testing Project of the Open Web Application Security Project (OWASP). It is not a complete methodology covering a …
NIST SP800-115
The Technical Guide to Information Security Testing and Assessment (also known by the catchy title NIST SP800-115) was published by the National Institute of Standard and Technology (NIST) in 2008. …
Penetration Testing Execution Standard (PTES)
The Penetration Testing Execution Standard (PTES) is the most recent (and arguably the most complete overall) penetration testing methodology to date. It was developed by a team of information security …
Open Source Security Testing Methodology Manual (OSSTMM)
The Open Source Security Testing Methodology Manual (OSSTMM) is peer-reviewed and maintained by the Institute for Security and Open Methodologies (ISECOM). It has been primarily developed as a security auditing …
Information System Security Assessment Framework (ISSAF)
The Information System Security Assessment Framework (ISSAF) methodology is supported by the Open Information Systems Security Group (OISSG). Although it is no longer maintained and, therefore, a bit out of …
An introduction to the methodologies
Penetration testing is no longer a single hacker’s ad hoc job. In almost all cases it is a formal process that needs to address the business and security needs of …
Ethical Hacking in Linux
A lot of the work of an ethical hacker is done using Linux. In order to be successful in this field, your Linux knowledge and skills should be at a …
Ethical Hacking: Penetration Testing
Penetration testing is part of the risk management of an organisation. It’s part of the processes for protecting the organisation’s high-value assets, as well as compliance with data protection legislation. …
Other relevant legislation
There are several more laws which can affect the work of the ethical hacker. Communications Act 2003 The Communications Act has two sections which are directly relevant to penetration testing: …
What is General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR) is a law implemented across all countries in the European Union (EU). It governs the collection, storage and processing of personal data and protects …
Tales from the field
Have you considered what a career in ethical hacking would actually be like? Sam and Kyle, former students on the MSc in Cyber Security, now work as penetration testers for …