From the course: CompTIA CySA+ (CS0-002) Cert Prep: 4 Software and Systems Security
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Designing penetration tests
From the course: CompTIA CySA+ (CS0-002) Cert Prep: 4 Software and Systems Security
Designing penetration tests
- [Instructor] During a penetration test, the attackers normally begin by gathering information about systems and then using that information to engage in actual attacks. The test is considered successful if the attackers manage to penetrate the target system. The organization's goal is to test security controls by having the attackers attempt to bypass or defeat them. The National Institute for Standards and Technology, or NIST, suggests that penetration tests loop back and forth between a discovery phase and an attack phase. During the discovery phase, attackers conduct reconnaissance against systems and think of possible avenues of exploit. When they find a path of potential vulnerability, they move into the attack phase, where they seek to gain access to the target system, escalate that access to advanced privileges and then browse through the network looking for new systems that they can access from their new vantage point.…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.