From the course: Complete Guide to Application Security
Penetration testing
- [Instructor] In my opinion, a penetration test is the high point of your application security testing activities. When you're performing any other kind of security test, you're collecting information with the ultimate goal of identifying weaknesses that an attacker might exploit to damage your application. But during a penetration test, you try to actively exploit those weaknesses. I'm an advocate of using the output from all your security testing activity when scoping your penetration test. The more information you can put in the hands of your pen testers, the more value you're going to get from the time they spend hacking your applications. But not all pen tests are scoped and conducted in the same way. There are three approaches to pen testing that I want to discuss: white box, black box, and gray box. White-box pen testing refers to a test where the organization provides the tester with a considerable amount of internal information. This might include reports from your SAS…
Contents
- Security regulations and compliance (7m 6s)
- Threat modeling (5m 37s)
- Demo: Building a threat model (7m 39s)
- Web security testing guide (5m 35s)
- Demo: Conducting a web security test (9m 9s)
- Application Security Verification Standard (ASVS) (4m 36s)
- Demo: Using the ASVS (6m 17s)
- Penetration testing (4m 50s)
- Demo: Conducting a penetration test (9m 55s)