Video Description

In this module we take a deeper dive into penetration testing. We begin by pointing out that since vulnerability assessments and pen testing can be disruptive, certain precautions and administrative steps must be undertaken prior to testing. This requires alerting senior management and getting their sign off. In addition, it is vital that policies and procedures set forth by the organization be understood and followed and that well-defined goals for the testing be identified and tracked. We underscore the scope of the tester's responsibilities during testing. A tester's mandate is to determine if a system can withstand an attack. The tester tests and documents. Testers are not responsible for resolving any vulnerability issues they discover! This falls under the important security principle of the separation of duties. A successful pen tester must not only be knowledgeable about technology, but must also be creative. The tester must think like an attacker. This is a case where it's OK to break the rules! Crafty tactics such as social engineering and sniffing out the path of least resistance are key to being an effective pen tester. We offer a final word of advice to aspiring pen testers: don't overlook small weaknesses as these can often lead to big failures!

Course Modules

ISC2 CISSP

CISSP Introduction Module

02:54
Part 1 - Welcome
06:03
Part 2 - Syllabus
19:03
Part 3 - Exam

CISSP Module 01

03:30
Part 1 - Intro
11:46
Part 2 - CIA and IAAA
11:48
Part 3 - Tenets of Secure Design
07:16
Part 4 - Risk Intro
06:24
Part 5 - Risk Assessment
08:38
Part 6 - Risk Analysis
09:57
Part 7 - Risk Mitigation
04:53
Part 8 - Governance vs Management
12:58
Part 9 - Frameworks and Senior Management's Role
08:09
Part 10 - Policies Procedures Standards and Guidelines
04:37
Part 11 - Knowledge Transfer
10:28
Part 12 - Types of Laws
07:35
Part 13 - Specific Laws
07:26
Part 14 - BCP Intro
02:03
Part 15 - BCP Phases
09:01
Part 16 - BCP Roles and Responsibilities
03:03
Part 17 - BCP Subplans
07:50
Part 18 - BCP Remaining Phases
10:23
Part 19 - BIA
02:44
Part 20 - Chapter 1 Review

CISSP Module 02

02:13
Part 01 - Introduction
06:36
Part 02 - Roles and Responsibilities
04:15
Part 03 - Classification
04:36
Part 04 - States of Data
09:19
Part 05 - Configuration Management
01:06
Part 06 - Review

CISSP Module 03

01:23
Part 01 - Intro
06:11
Part 02 - Trusted Computing
08:35
Part 03 - Computer Architecture CPU
07:22
Part 04 - Memory
15:32
Part 05 - Security Models and Access Control Models
16:47
Part 06 - Common Architectures
03:14
Part 07 - Cryptography Intro
06:56
Part 08 - History of Crypto
02:38
Part 09 - Security Services of Crypto
14:05
Part 10 - Crypto Definitions
12:04
Part 11 - Symmetric Cryptography
10:44
Part 12 - Asymmetric Cryptography
06:21
Part 13 - Hybrid Cryptography
06:20
Part 14 - Symmetric vs Asymmetric Cryptography
04:43
Part 15 - RSA Diffie Hellman and ECC
11:29
Part 16 - Hashing
04:58
Part 17 - Digital Signatures MACs and Hashes
17:02
Part 18 - PKI Public Key Infrastructures
07:09
Part 19 - IPSec Part I
08:29
Part 20 - IPSec Part II
05:41
Part 21 - Attacks on Cryptography
02:05
Part 22 - Cryptography Review

CISSP Module 04

02:38
Part 01 - Intro
07:39
Part 02 - OSI Intro
08:23
Part 03 - Layer 1 Physical
10:27
Part 04 - Layer 2 Data Link Part I Media Access
05:18
Part 05 - Layer 2 Data Link Part II Switches
04:17
Part 06 - Layer 3 Network Routers VLANs Switches
05:08
Part 07 - Layer 3 Protocols and Attacks
08:08
Part 08 - Layer 4 Transport TCP and UDP
03:26
Part 09 - Layer 5 and 6 Session and Presentation
05:47
Part 10 - Layer 7 Application
03:59
Part 11 - TCP IP Model and Review
11:11
Part 12 - Common Attacks
14:14
Part 13 - Firewalls, Proxies and NAT
07:39
Part 14 - WAN
07:58
Part 15 - Wireless
05:55
Part 16 - Cloud Computing
01:05
Part 17 - Telecom Review

CISSP Module 05

02:02
Part 01 - Intro to ID
04:05
Part 02 - Defining Identity and Access Management
03:56
Part 03 - Core Security Requirements
06:34
Part 04 - Access Control Models
06:37
Part 05 - Authentication TYPE I
06:02
Part 06 - Authentication TYPE II
05:44
Part 07 - Authentication TYPE III
16:52
Part 08 - SSO and Kerberos
05:23
Part 09 - Access Control Methods
06:43
Part 10 - RADIUS
02:26
Part 11 - Emanations
01:16
Part 12 - ID and Access Management Review

CISSP Module 06

01:10
Part 01 - Intro
11:44
Part 02 - Vulnerability and Pen Testing Overview
06:12
Part 03 - Penetration Testing
09:01
Part 04 - NDS vs HIDS
04:23
Part 05 - Analysis Engines
02:20
Part 06 - Honeypots
01:07
Part 07 - Chapter Review

CISSP Module 07

00:50
Part 01 - Intro
08:16
Part 02 - Incident Response
02:11
Part 03 - Intro to Forensics
07:17
Part 04 - Forensic Investigation Process
03:46
Part 05 - Types of Evidence
04:04
Part 06 - Spares and RAID
02:46
Part 07 - Clustering and Web Farms
04:09
Part 08 - Backups
01:30
Part 09 - Additional Data Redundancy
01:48
Part 10 - Review

CISSP Module 08

02:56
Part 01 - Intro
06:16
Part 02 - Why is Software Unsecure
07:08
Part 03 - Development Methodologies
16:47
Part 04 - Common Architectures
09:05
Part 05 - Monitoring and Auditing
07:38
Part 06 - Adversaries and Review
15:23
Part 07 - OWASP 1 thru 5
10:07
Part 08 - OWASP 6 thru 10
11:36
Part 09 - Defensive Coding
07:24
Part 10 - Change Management
08:02
Part 11 - Vulnerability Scans and Penetration Testing
04:04
Part 12 - Verification Validation Certification and Accreditation
01:00
Part 13 - DB Intro
02:25
Part 14 - DB Models
08:03
Part 15 - Relational Databases

CISSP Module 09

04:14
Final Course Review

Instructed By

Instructor Profile Image
Kelly Handerhan
Instructor