Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
WEBVTT
00:00:01.010 --> 00:00:02.690
Vulnerability analysis.
00:00:03.650 --> 00:00:10.690
Vulnerability analysis, typically, most accessors or Testa's running vulnerability or network for
00:00:10.700 --> 00:00:16.940
scans to better understand which services the network or the application is running and whether they
00:00:16.940 --> 00:00:23.670
are there are any vulnerabilities in any systems, including in the scope of the assessment.
00:00:24.050 --> 00:00:31.400
So this process often includes a manual vulnerability testing or discovery, which is often the most
00:00:31.400 --> 00:00:36.180
accurate form of vulnerability analysis or vulnerability assessment.
00:00:36.500 --> 00:00:39.710
There are many tools both free and paid for.
00:00:39.950 --> 00:00:47.360
So to assist us in quickly identifying vulnerabilities on a target system or network after discovering
00:00:47.360 --> 00:00:52.720
the vulnerabilities, after discovering security weaknesses.
00:00:53.000 --> 00:00:56.420
The next phase is to attempt exploitation.
00:00:56.900 --> 00:01:02.600
Exploitation is the most commonly ignored or overlooked part of the penetration testing.
00:01:02.840 --> 00:01:09.410
And the reality is that clients and executives don't care about vulnerabilities unless they understand
00:01:09.410 --> 00:01:10.940
why they matter to them.
00:01:11.330 --> 00:01:19.160
Exploitation is the ammunition or evidence that helps articulate why the vulnerability matters and illustrates
00:01:19.160 --> 00:01:23.450
the impact that the vulnerability could have on the organization.
00:01:23.780 --> 00:01:26.010
Furthermore, brutal exploitation.
00:01:26.010 --> 00:01:31.850
Their assessment is not a penetration test and is nothing more than an anaerobic assessment, which
00:01:31.850 --> 00:01:36.890
is most companies can conduct in-house better than a third party consultant called.
00:01:37.640 --> 00:01:44.090
To put it simply, during the information gathering phase, a penetration test will profile the target
00:01:44.090 --> 00:01:46.220
and identify any more robotized.
00:01:46.460 --> 00:01:51.620
Next, using the information about the vulnerabilities, the penetration tester will do their research
00:01:51.740 --> 00:01:57.770
and Chris Bitburg exploits that will take advantage of the vulnerabilities of the target.
00:01:58.040 --> 00:02:03.380
This is what exploitation is when we use exploit.
00:02:03.920 --> 00:02:11.150
This means malicious code to leverage and vulnerability weakness in a system which will allow us to
00:02:11.180 --> 00:02:19.070
execute accurate record and comments on the target, often after successful in exploiting a target system
00:02:19.070 --> 00:02:19.820
or network.
00:02:19.940 --> 00:02:24.590
We may think then the task is done, but it isn't just yet.
00:02:24.920 --> 00:02:30.570
There are tasks and objectives to complete after breaking into the system.
00:02:30.890 --> 00:02:40.310
This is the post exploitation phase in the penetration testing plus exploitation, commercial exploitation.
00:02:41.240 --> 00:02:47.260
Exploitation is the process of gaining access to systems that may contain sensitive information.
00:02:47.600 --> 00:02:49.900
The process exploitation.
00:02:50.060 --> 00:02:57.310
The primary goal is typically to demonstrate the impact that their vulnerability and access gained can
00:02:57.320 --> 00:02:59.150
pose the to the organization.
00:03:01.000 --> 00:03:09.600
So the process of postfix rotation is the continuation of this step where the foothold gained leverage
00:03:09.610 --> 00:03:16.190
it to access data or spread to other systems within the network during the post exploitation.
00:03:16.390 --> 00:03:24.160
The primary goal is to typically to demonstrate the impact that they will mobility and access gain Campos
00:03:24.160 --> 00:03:25.120
to the organization.
00:03:25.480 --> 00:03:32.980
The impact assist in helping executive leadership better understand the vulnerabilities and damage it
00:03:32.980 --> 00:03:34.870
called cost to the organization.
00:03:35.230 --> 00:03:40.130
And the last phase is Re-import Writing Report.
00:03:40.210 --> 00:03:47.860
Writing is exactly as it sounds and is one of the most important elements of any penetration test penetration
00:03:47.860 --> 00:03:48.220
testing.
00:03:48.220 --> 00:03:55.120
Maybe this helps, but report writing is a deliverable that the client sees and is the only tangible
00:03:55.120 --> 00:04:01.810
element given to the client at the end of the assessment report shall be given as much attention and
00:04:01.810 --> 00:04:03.020
care as the testing.
00:04:03.950 --> 00:04:12.430
I our report for writing in greater detail later on this course, but report for writing involves much
00:04:12.430 --> 00:04:16.770
more than listing and few vulnerabilities discovered during the assessment.
00:04:17.170 --> 00:04:20.620
It is the medium in which to convey risk business impacts.
00:04:20.620 --> 00:04:24.280
Summarize your findings and include remediation steps.
00:04:24.640 --> 00:04:25.870
A good penetration test.
00:04:25.870 --> 00:04:32.230
Our needs to be a good report writer or the users they find will be lost and may never be understood
00:04:32.230 --> 00:04:35.670
by the client who hired them to conduct their assessment.
00:04:36.160 --> 00:04:44.680
Having completed this lecture, you are now able to describe each pace of penetration test testing here.
00:04:44.740 --> 00:04:53.260
Birchmore you have a better idea of expectation of penetration testers and expectation penetration testers
00:04:53.260 --> 00:04:54.180
in the industry.
00:04:54.520 --> 00:05:01.450
Next, we will dive into understanding various penetration testing methodologies, standards and frameworks.
00:05:01.540 --> 00:05:03.460
So I am waiting you in Ecclesia.6071
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.