Intrusion test: Audit scenario

Formations Intrusion test: Audit scenario

OBJECTIF

This course will teach you to set up a real PenTest or Intrusion Test procedure on your IS
The trainees will be immersed in a practical case as close as possible to a real business situation. Indeed, the PenTest is a very technical intervention, which makes it possible to determine the poten-the real effectiveness of the security applied to the systems, the network and the confidentiality of the information.

In particular, the objectives of the training are:

  • Learn how to write a professional audit report
  • Put yourself in a real Audit situation
  • Organize a penetration-type security audit procedure on your IS

PREREQUISITES

• Avoir suivi ou avoir le niveau du cours HSA

GENERAL INFORMATION

• Code : PNT
• Durée : 5 Days
• schedule : 8h30 - 17h30
• place : training center, Center Urbain Nord

TARGETED AUDIENCE

  • • Security Consultants
  • • Engineers / Technicians
  • • System Administrators / Networks

RESOURCES

• Course materials
• 40% demonstration
• 40% of theory
• 20% practical exercises

PROGRAM OF TRAINING

  • Days 1
  • Audit methodology

    • The first day will be used to lay the methodological bases for an intrusion-type audit. The main objective is to provide the methodological tools to carry out an intrusion test.The points will be:

  • Objectives and types of PenTest

      • -What is a PenTest?

      - The PenTest cycle

      - Different types of attackers

      - Types of audits (Black Box, White Box, Gray Box)

      - Benefits of PenTest

      - PenTest Limits

      - Special cases (Denial of service, Social engineering)

  • Regulatory aspect

      • - Responsibility of the auditor

      - Frequent constraints

      - Legislation: Articles of Law

      - Precautions

      - Important points of the mandate

  • Elements of report writing

      • -Importance of the report

      -Composition (General Synthesis, Technical Synthesis)

      -Risk assessment

      -Examples of impacts

      -Put yourself in the shoes of the agent

      A review of the main attack techniques and tools used will also be done in order to better prepare the trainees following the training.

  • Days 2, 3 et 4

    • An audit scenario will be made to apply the methodological and technical tools seen on the first day to a concrete case.The goal is to put trainees face a scenario as close as possible to a real case, a corporate network. The audited information system will have various vulnerabilities (Web, Applications, etc.) more or less easy to discover and exploit.The aim is to find a maximum during the audit and to provide the client with the appropriate recommendations so that the latter effectively secures his information system. To do this, the trainer will put himself in the place of a client. for whom trainees will have to audit the information system.These will be left in autonomy and methodological and technical points will be regularly made by the trainer to guide the trainees throughout the simulation.

    The trainer will act as a guide to :

      give trainees the benefit of their experience on the ground

      - put into practice the theoretical part of the first day

      -to develop a schedule

      - help trainees find and exploit vulnerabilities

      -format discoveries made to make a report to the client

  • Days 5
  • The last day will be devoted to the report. The writing of the latter and the methods of transmission will be discussed.

    • Report preparation

      - Formatting the information collected during the audit

      -Preparation of the document and application of the methodology seen on the first day

    - Writing the report

      - Global analysis of system security

      - Description of the vulnerabilities found

    Transmission of the report

      - Necessary precautions

      - Methodology of report transmission

      - What to do once the report is sent?

Do not hesitate to contact our experts for any additional information, study and free calculation of an audit service.