Your task: Using one or more of the methodologies discussed earlier, design a penetration testing project of the target network and systems, by planning all steps in the project. Use …
What does it actually mean to be ‘secure’? Most people would think that security means protecting against unauthorised access but there’s actually a lot more to it. Often when we …
Digital systems are being introduced in almost every part of our lives: in our homes, our businesses, national infrastructures and so on. Every new environment provides its own security challenges …
Earlier this week, you should have downloaded the virtual machines (VMs) required for the following practical exercise. Please refer back to the step ‘setting up a virtual lab’ if you …
The OWASP Testing Guide is being developed as part of the OWASP Testing Project of the Open Web Application Security Project (OWASP). It is not a complete methodology covering a …
The Technical Guide to Information Security Testing and Assessment (also known by the catchy title NIST SP800-115) was published by the National Institute of Standards and Technology (NIST) in 2008. …
The Penetration Testing Execution Standard (PTES) is the most recent (and arguably the most complete overall) penetration testing methodology to date. It was developed by a team of information security …
The Open Source Security Testing Methodology Manual (OSSTMM) is peer-reviewed and maintained by the Institute for Security and Open Methodologies (ISECOM). It has been primarily developed as a security auditing …
The Information System Security Assessment Framework (ISSAF) methodology is supported by the Open Information Systems Security Group (OISSG). Although it is no longer maintained and, therefore, a bit out of …
Penetration testing is no longer a single hacker’s ad hoc job. In almost all cases it is a formal process that needs to address the business and security needs of …
Penetration testing is part of the risk management of an organisation. It’s part of the processes for protecting the organisation’s high-value assets, as well as compliance with data protection legislation. …
There are several more laws which can affect the work of the ethical hacker. Communications Act 2003: The Communications Act has two sections which are directly relevant to penetration testing: …
The General Data Protection Regulation (GDPR) is a law implemented across all countries in the European Union (EU). It governs the collection, storage and processing of personal data and protects …
Have you considered what a career in ethical hacking would actually be like? Sam and Kyle, former students on the MSc in Cyber Security, now work as penetration testers for …