Denial-Of-Service Penetration Testing
This module explains that the purpose of a DoS attack is to bring down the performance of a website. It explains that DoS and DDoS are similar attacks; the difference is that DDoS is a distributed attack, launched from various unsuspected sources. The module looks at DoS attacks, their effects, the attacker's strategy, stability, performance and penetration testing.
Password-Cracking Penetration Testing
This module explains that passwords protect computer resources and files from unauthorized access by malicious users, and how companies use a combination of passwords and user IDs to protect their resources against intrusions by hackers and thieves. SAMDUMP, the tool that simplifies migration synchronization of that system, is also explained.
Application Penetration Testing
In software engineering, a web application is an application delivered to users from a web server over a network such as the World Wide Web or an intranet. Web applications are popular due to the ubiquity of the web browser as a client, sometimes called a thin client. Application testing involves meticulously testing an application under certain conditions to check for vulnerabilities in the code. The module discusses the steps in the penetration testing of web applications and the tools that are useful for it.
Database Penetration Testing
The module discusses the various steps in database penetration testing, including using SQL*Plus to enumerate system tables, MySQL Server database testing, and port scanning of UDP/TCP ports. The module also discusses various tools that can be used for dictionary attacks aimed at cracking database login details.
Virus and Trojan Detection
The module discusses the steps to be followed for detecting Trojans and viruses in the system, and lists various spyware detectors, anti-trojans, and antivirus software.
Log Management Penetration Testing
Security software logs are the logs that provide a record of instances of security software. Examples of security software include antimalware software, intrusion detection and prevention systems, remote access software, web proxies, vulnerability management software, authentication servers, network quarantine servers, routers, firewalls, etc.
The module discusses the need for log management, challenges in log management, the steps for log management penetration testing, and lists guidelines for secure log management.
File Integrity Checking
This module introduces file integrity checking, which verifies whether a file is the same as the original or has been modified. It explains faulty storage media, transmission errors, the Cyclic Redundancy Check (CRC) function, which takes an input data stream of any length and produces an output value of a certain fixed size, hash-based verification, and tools such as md5sum and PasswordZilla.
Data Leakage Penetration Testing
Confidential data of the organization includes important information about the company, its clients, products, planning of new products, and its partners. An organization needs to perform data leakage penetration testing to protect its confidential data from malicious users.
The module explains how data can be leaked, outlines the steps for data leakage penetration testing, and discusses data privacy and protection acts and various data protection tools.