Today, in order to claim to have a sufficient level of protection over the whole of its infrastructure, it is necessary to carry out audits. This course aims to illustrate all methods to test systems with all known attacks. Conducting an audit imposes rules and limitations that need to be known. This training describes the different audit methodologies and their particularities. A presentation of essential tools as well as practical work to understand and know their use will be made.
In particular, the objectives of the training are as follows:
•Course level HSF / HSA
• Knowledge of Linux and Windows systems
• Code : AUDSI
• Duration : 3 Days
• schedule : 8h30 - 17h30
• place : training center, Center Urbain Nord, Tunis
• Course materials
• 40% demonstration
• 40% of theory
• 20% practical exercises
• Definition of the intrusion test
• The interest of the intrusion test
• The phases of an intrusion test
• Recognition
• Vulnerability analysis
• Exploitation
• Gain and maintain access
• Reports and end of testss
Technical scope of the audit
• Responsibility of the auditor
• Frequent Constraints
• Legislation: Articles of Law
• Usual precautions
• External
• Internal
• Usefulness of the methodology
• Audit methods
• Recognized methodologies
• classical infrastructure
• SCADA infrastructure
• web
• code
• Code analysis tools
• Static analysis tools
• Dynamic analysis tools
Taking information
• Open Sources
• Active
scanning
• Port Scan
• Vulnerability Scan
• Network Tools
• System Analysis Tools
• Web analysis tools
• Operating Frameworks
• Access maintenance tools
•Application of methodology and tools on a concrete case
• Risk Assessment
• Impact, potentiality and criticality of a vulnerability
• Organize the report
• Additional services to propose
Do not hesitate to contact our experts for any additional information, study and free calculation of an audit service.