Security Analyst Exercises

/Security Analyst Exercises

SQL Penetration Testing

SQL Injection is a technique often used to attack a website. It is the most common website vulnerability on the Internet. Understanding when and how a web application connects to a database server in order to access data Extracting basic SQL Injection flaws and vulnerabilities Testing web applications for Blind SQL [...]

August 25th, 2014|Categories: Security Analyst Exercises, SQL Penetration Testing|Comments Off on SQL Penetration Testing

Web Application Penetration Testing

Web Applications Penetration Testing refers to carrying unauthorized access of a website or the website details. Parameter tampering Cross-Site Scripting (XSS) Web Application Penetration Testing The Security Analyst Exercises / Web Application Penetration Testing contains the following Exercises: Hacking Web Applications The Virtual [...]

August 25th, 2014|Categories: Security Analyst Exercises, Web Application Penetration Testing|Comments Off on Web Application Penetration Testing

Social Engineering Penetration Testing

Social engineering is the art of convincing people to reveal confidential information. Social engineers depend on the fact that people are aware of valuable information and are not usually diligent in protecting it. Protect the network from phishing attacks To do this lab, you need:A computer running Kali Linux operating System [...]

August 20th, 2014|Categories: Security Analyst Exercises, Social Engineering Penetration Testing|Comments Off on Social Engineering Penetration Testing

Password Cracking Penetration Testing

Password Cracking Penetration Testing The Security Analyst Exercises / Password Cracking Penetration Testing contains the following Exercises: Extracting Administrator Passwords Using L0phtCrack The Virtual Private Cloud for this Lab set utilizes: Security Analyst Exercises are available as part of the following subscription: Each subscription provides 6 months access to 15 Different Exercises. [...]

August 20th, 2014|Categories: Password Cracking Penetration Testing, Security Analyst Exercises|Comments Off on Password Cracking Penetration Testing

IDS Penetration Testing

An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Install and configure Snort IDS Run Snort as a service Machine names, network resources, and services Store snort log files to [...]

August 20th, 2014|Categories: IDS Penetration Testing, Security Analyst Exercises|Comments Off on IDS Penetration Testing

Firewall Penetration Testing

HTTPort is a program from HTTHost that creates a transparent tunnel through a proxy server or firewall. Firewall Penetration Testing The Security Analyst Exercises / Firewall Penetration Testing contains the following Exercises: HTTP Tunneling to Bypass Firewalls Using HTTPort The Virtual Private Cloud for this [...]

August 20th, 2014|Categories: Firewall Penetration Testing, Security Analyst Exercises|Comments Off on Firewall Penetration Testing

Internal Network Penetration Testing

Penetration Testing is a method of performing specific tests on a computer, network or web application and check for vulnerabilities that can be made use of for exploitation. User name and user groups Lists of computers, their operating systems, and ports Machine names, network resources, and services Lists of shares on [...]

August 20th, 2014|Categories: Internal Network Penetration Testing, Security Analyst Exercises|Comments Off on Internal Network Penetration Testing

External Penetration Testing

External Penetration Testing simulates the actions of an actual attacker exploiting vulnerabilities in the network security to determine what information is actually exposed to the outside world. Check live systems and open ports Perform banner grabbing and OS fingerprinting Identify network vulnerabilities Draw network diagrams of vulnerable hosts [...]

August 20th, 2014|Categories: External Penetration Testing, Security Analyst Exercises|Comments Off on External Penetration Testing

Vulnerability Analysis

Nessus allows you to remotely audit a network and determine if it has been broken into or misused in some way. It also provides the ability to locally audit a specific machine for vulnerabilities. Use the Nessus tool Scan the network for vulnerabilities [...]

August 20th, 2014|Categories: Security Analyst Exercises, Vulnerability Analysis|Comments Off on Vulnerability Analysis

Information Gathering

Information gathering refers to collecting information about a target company that will help in penetration testing and security auditing of the company. Extract a company'™s information List employees of the company Use search engines to collect the information Search for link popularity of the company's website Gather competitive intelligence List the [...]

August 20th, 2014|Categories: Information Gathering, Security Analyst Exercises|Comments Off on Information Gathering