Curriculum
Course: Cyber Security
Login

Curriculum

Cyber Security

Text lesson

Penetration Testing & Social Engineering

Penetration testing is a proactive security measure aimed at identifying vulnerabilities in services and organizations before malicious attackers can exploit them.

Penetration testing can be applied across various areas, such as:

  • Web Applications: With the continuous development and release of new web applications, testing for vulnerabilities is crucial.
  • Network and Infrastructure: Not all applications are web-based; many use different protocols. These systems can be tested both externally and internally.
  • Inside Testing/Infected Computer Simulation: Simulating a scenario where a user’s system is compromised by malware, mimicking an attacker’s access to that system, poses a serious risk to the organization.
  • External Organizational Testing: A comprehensive test covering the entire organization. This is ideal but often requires a dedicated internal penetration testing team or significant investment in external testers.
  • Stolen Laptop Scenario: Described further in the scenarios below.
  • Client-Side Applications: Enterprise applications developed in languages like C, C++, Java, Flash, or Silverlight can also be penetration tested for vulnerabilities.
  • Wireless Networks: Testing whether the WIFI can be breached, if devices have outdated or vulnerable software, and if proper network segmentation is in place.
  • Mobile Applications (Android, Windows Phone, iOS): Mobile apps can contain vulnerabilities and connect to enterprise systems, often holding sensitive data like API keys.
  • Social Engineering: Covered in more detail in the scenarios below.
  • Phishing and Vishing: Described further in the scenarios below.
  • Physical Penetration: Testing what happens when a team physically infiltrates a location, such as plugging a laptop into a network port, or other forms of covert physical attacks.
  • ICS (Industrial Control Systems) / SCADA (Supervisory Control and Data Acquisition): These systems control critical assets and should be rigorously tested for vulnerabilities.