CanSecWest: Security Masters Dojo Vancouver
Penetration Testing - Reporting and Analysis: Being a Tester, Not Just Another Hacker
Register for March 5th to 6th Course Instructor(s):
Mike Murray
Description
When it comes to penetration testing, the differentiator between a good penetration test and a great one isn't usually the level of technical skill of the tester. The ability to put their results in a format that the client understands and can use once the tester has finished is the difference.
While this course won't make you a better hacker, it will prepare you to deliver the kind of penetration tests that clients will be happy to have you do over and over if you provide services. In addition to testers, this course is ideal for those that want to hold their penetration testers responsible for providing useful information and will show how to get the most ROI out of your penetration tests.
What You Will Learn
Once a penetration test is completed and all of the data is gathered, the key skill of a penetration tester is to turn that data in to useful information that the client can use. The students in this class will learn to take a set of penetration test data and turn it in to that type of information. The class will teach you to:
- Analyze Results
- Going from penetration to finding
- Elimination of false positives
- The art of abstraction
- Reporting
- The report as narrative
- Report Structure
- Speaking to Executives
- Information Graphics - A picture is worth more than 1000 words
- WIIFM - How much to talk about yourself
- Writing actionable Technical Findings
- Remediation planning - Making your report useful for actually fixing things
Students will leave the class with an understanding of how to make
penetration test reports useful for their clients and/or management.
*As a takeaway from this class students will receive detailed document
templates and materials that they can use on future penetration tests.*
PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.
Prerequisite material
This class is imperative for any student that will actually be performing penetration tests in a professional environment whether on a consulting project or as a part of their job. There is a major difference between those that know how to play around with all of the fun tools, and those that can actually put all that they have accomplished while testing into the appropriate format and report their findings. In addition to testers, this course is ideal for those that want to hold their penetration testers responsible for providing useful information.
- laptop requirements:
- - A Laptop :)
