An Introduction to Security Testing Workshop presented by MWR InfoSecurity

Presenter/s: Sagi Shahar, Marcel Schlebusch, Harry Grobbelaar

Workshop aims:

The workshop will focus on using open source tools and exploitable VM’s that are publicly available on the internet.

 Workshop content:

• History of hacking
• Profile of a hacker
  • Who? – From script kiddies to nation state sponsored and in-between
  • Why? – What motivates attackers?
  • How? – How do attackers breach systems?

• Basic principles of an attack
  • High level overview of attack principles
  • Infrastructure & applications – The Layer Cake
  • Overview of simplified attack phases

                                          i.    Recon/information-gathering

                                         ii.    Discovery

                                        iii.    Attack/Exploit

                                        iv.    Post Exploitation

• Exploring the phases of an infrastructure attack
  • Typical organisation architectures
  • Common infrastructure vulnerabilities
  • Practical: Infrastructure testing per phase

• Exploring the phases of web application hacking
  • Typical architecture of a web application environment
  • Common web application vulnerabilities
  • Practical: Web application testing per phase

• Further Information
  • Where to find information (forums, books etc.)
  • Pursuing InfoSec as a career
  • Open discussion