This module explains the advanced features of the search engine “Google”. It also gives a comprehensive explanation on Site Operator, intitle:index.of, error | warning, Google Advanced Search Form, categorization of the operators , viewing live web cams , locating the source code with common strings , locating the vulnerable targets , locating targets via demonstration pages, locating targets via source code, vulnerable web application examples, locating targets via CGI scanning, a single CGI scan-style query, directory listings, web server software error messages, and the Goolag scanner.
Routers and Switches Penetration Testing
This module discusses the need for router testing and various issues involved in it, and aims to give a single point reference for router security assessment and countermeasures for the identified weaknesses. It gives the list of steps for Router Penetration Testing and also steps for Testing Switches.
Firewall Penetration Testing
This module explains what a firewall is and the importance of it. It also explains the various features of firewall and its functioning. This module gives a comprehensive view of the possible vulnerabilities in a firewall and the tests that help discover the vulnerabilities.
IDS Penetration Testing
Intrusion Detection Systems (IDS) is a software/hardware that detects and logs inappropriate, incorrect, or anomalous activity. IDSes are typically characterized based on the source of the data they monitor.
This module gives a brief introduction about various Intrusion Detection Systems and their benefits. It also explains Wireless Intrusion Detection Systems and various IDS testing tools. This module explains IDS Penetration testing steps. It also discusses in detail about Traffic IQ Professional.
Physical Security and Stolen Laptop,
PDA, and Cell Phone Penetration Testing
Physical security defends the organization from attackers trying to access a resource or information stored on media of the organization. Cyber security development focuses on mitigating attacks to computer networks as well as preventing the physical attacks.
Business executives are increasingly reliant on laptops, PDAs, and cell phones for their portability, and the ability to work on the go. Losing such a device could result in losing the important financial information, trade secrets, and other personal information.
This module discusses various steps in the penetration testing of physical security and a stolen laptop, PDA, or cell phone and how attackers gather information from a stolen device.
E-Mail Security Penetration Testing
This module explains about email accounts which are a storage area for people to store their private information, including their business data. The module discusses phishing, an Internet scam used to force the users to give their personal and confidential information, and spamming which is the process of populating the user’s inbox with unsolicited or junk email.
The module familiarizes with HTA (HTML Application) file extensions, which consist of commands that can perform anything on the computer once executed and the attachment which can bypass the security settings on the network. It also gives brief introduction to PhishTank SiteChecker which blocks phishing pages, SpoofGuard which prevents from malicious attacks, and SpamExperts Desktop which blocks spam.
Security Patches Penetration Testing
This module explains Patch Management, a part of system management that involves the acquisition, testing, and installation of patches to an administrated computer system. . The module talks about PVG (Patch and vulnerability group) which is created by the organization. PVG uses OS, application patching, automated patch management tools, and configuration changes to eradicate vulnerabilities. It also familiarizes with patch testing in non production system and vender authentication mechanism prior to installation of the patches.