Certified Lead Penetration Tester

Agenda:

Introduction to penetration testing, ethics, planning and scoping

• Penetration testing principles
• Legal and ethical issues
• Fundamental principles of information security and risk management
• Penetration testing approaches
• Phases of penetration testing
• Management of a penetration test

Technical foundation knowledge 

• Network and Infrastructure Security
• Web Application Security
• Mobile Application Security
• Social Engineering

Conducting a penetration test using tools and techniques, and review of testing areas

• Conducting a penetration test – Infrastructure testing
• Conducting a penetration test – Web application penetration testing
• Conducting a penetration test – Social engineering testing
• Conducting a penetration test – Physical security testing

Analyzing results from testing, reporting and follow up

• Documentation of the test quality review and reporting
• Action plans and follow up
• Managing a test programme
• Practical Capture the flag exercises – A 3 hour in class penetration test to be carried out by the delegates

Learning Objectives:

Individuals certified at this level will have demonstrated their understanding of:

• To be able to interpret and illustrate the main Penetration Testing Concepts and Principles
• To understand the core technical knowledge needed to organize and carry out an effective set of tests
• To learn how to effectively plan a penetration test and identify a scope that is suitable and appropriates based on risk
• To learn the practical hands-on skills and relevant tools and techniques to conduct penetration testing effectively
• To effectively manage the time and resources needed to scale a specific Penetration Test

Benefits of Taking This Course:

The course has been designed by industry experts with in-depth experience in the Penetration Testing fields. Unlike other certifications, this course focuses specifically on the knowledge and skills needed by a professional looking to lead or take part in a penetration test. We drill down into the latest technical knowledge, tools and techniques in key areas including Infrastructure, Web Application and Mobile security as well as Social Engineering. In addition, the course focuses on how to practically apply what has been learned on current day-to-day penetration testing and does not expand on unrelated, dated or unnecessary theoretical concepts.

Day 1

Module 1 Course Introduction

Module 2 Enterprise Architecture – An Introduction

Module 3 The TOGAF® Standard – An Introduction

Module 4 The Architecture Development Method

Day 2

Module 5 Enterprise Continuum and Architecture Repository

Module 6 Architecture Content Framework

Module 7 Preliminary Phase and Requirements Management

Day 3

Module 8 Architecture Vision

Module 9 Business Architecture

Module 10 Information Systems Architecture

Module 11 Technology Architecture

Day 4

Module 12 Transition Planning

Module 13 Implementation Governance and Architecture

Change Management

Module 14 Enterprise Security Architecture

Day 5

Module 15 Enterprise Integration and Service Oriented

Architecture

Module 16 Architecture Patterns

Module 17 Architecture Capability Framework

Exam Preparation Guide

• Security professionals wanting to gain formal penetration testing skills
• IT staff looking to enhance their technical skills and knowledge
• Auditors looking to understand the penetration testing processes
• IT and Risk Managers seeking a more detailed understanding of the appropriate and beneficial use of penetration tests
• Incident handlers and Business Continuity professionals looking to use testing as part of their testing regimes