From the course: Security Testing Essential Training


Penetration test planning

- [Instructor] As I mentioned earlier, I'm thoroughly convinced that the best way to validate your cybersecurity controls is through a penetration test. Practically speaking, penetration testing can often be summed up into two concepts: privilege escalation and lateral movement. Your initial goal is often to compromise a single system or application by compromising a set of valid credentials. From there, you'll want to escalate your privileges, ideally controlling or creating an administrative account. Once you migrate your attack activity to that administrative account, you'll want to move to another system or another application, pillaging sensitive data along the way. While the goal of many penetration tests is to compromise privileged credentials, this isn't always the case. If performing a penetration test as part of your PCI DSS compliance efforts, you should be attempting to compromise cardholder data. If you can access unencrypted credit cards via an application security…