4. Secu5: Planning and Implementation of Penetration Tests

Secu5: Planning and Implementation of Penetration Tests

An insecure IT environment may seriously endanger the operations or even the continued existence of companies. Small, insignificant errors often cause dangerous gaps in IT networks. The prerequisite for eliminating these errors is identification of the gaps. Although IT infrastructures and applications may be robustly designed according to high-quality standards, they may still contain weaknesses. In order to identify these weaknesses, a penetration test is ideally suited as a control instrument. Because this is the only way to effectively examine IT networks for security gaps both externally and internally. However, implementation of these simulated hacker attacks is anything but easy and will be discussed during the workshop.

Topics

Penetration tests

  • Why penetration tests?
    • Definition/motivation/characteristics
  • Ethical aspects
  • Legal aspects of penetration tests
  • Automated penetration tests
  • Latest trends / penetration tests of the future

Attack scenario and possible arrangements

  • Test object (perimeter, LAN, WLAN, web application, etc.)
  • Performed once or continuously?
  • Black box or white box test?
  • Aggressive or cautious?

80/20: The pentest service catalog

Red teaming / TIBER-DE

Controlling penetration tests series

  • Project management: PPMO
  • Cost-benefit ratio, budget optimization
  • Metrics and standards 
  • Extent of the series: four tests per year or more?
  • Occasion-related / regular tests
  • Agile environments
  • Test depth / test frequency
  • Sourcing: number/strategy/benchmarking

Reporting

  • Ticket system
  • Metrics
  • Cross-project reporting

Vulnerability management / retests

10 practical tips by Sebastian Schreiber

Duration

One day

Trainings Awe1 "Getting to Know IT Security", Awe2 "Phishing Awareness" and Awe3 "Social Engineering Awareness"

For download in German only

Training 2023

For download in German only

Dates & Registration 2023

For download in German only

Training 2024

For download in German only

Dates & Registration 2024

For download in German only

DO NOT HESITATE TO GET IN TOUCH +49 (0)7071 - 40 78 56-0 or anfrage@syss.de | OUTSIDE REGULAR OFFICE Hours CALL +49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number

DO NOT HESITATE TO GET IN TOUCH +49 (0)7071 - 40 78 56-0 or anfrage@syss.de

OUTSIDE REGULAR OFFICE Hours CALL +49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number

GET IN TOUCH

+49 (0)7071 - 40 78 56-0 or anfrage@syss.de

OUTSIDE REGULAR OFFICE Hours

+49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number