Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Vulnerability assessment tools covered in Pen testing course

SANS Institute : 05 June, 2014  (New Product)
Python for penetration testers will be covered as part of the Pen Test Berlin event for the assessment of vulnerabilities
Vulnerability assessment tools covered in Pen testing course

In response to HeartBleed, a serious vulnerability in OpenSSL 1.0.1 that allows a remote attacker to extract data from the memory of a target computer, a number of new tools that exploit the vulnerability have been released into the InfoSec community in just a few weeks from the discovery of the flaw.

Tools such as SSLTEST, HB-TEST, HEARTBEAT_SCANNER have quickly gone into wider circulation to develop exploits that demonstrate the seriousness of the vulnerability. “The thing these tools all have in common is that they were written in Python,” says Mark Baggett, SANS Certified Instructor, “Why? Because Python is a "rapid deployment", "batteries included" language that includes the core set of libraries and everything that you need to perform a wide variety of tasks, including developing exploits with most exploit tools only requiring a few lines of code.”

Baggett is also the course author of SANS SEC573: Python for Penetration Testers, a course designed to help penetration testers customise existing open source code or develop their own tools. As course instructor Tim Medin explains, “You know, I've been a little surprised by the number of systems administrators and network defenders that attend SEC573. It was written with the penetration tester in mind but it is clear that the skills are relevant across a wider group.”

This course is designed to meet students at their current skill level, appealing to a wide variety of backgrounds ranging from people without a drop of coding experience all the way up to skilled Python developers looking to increase their expertise and map their capabilities to penetration testing. The course includes language essentials and the development of a SQL Injection tool, a password guesser and a custom backdoors and a network reconnaissance tool.  “These are certainly tools that every penetration tester needs while most security professionals find the skills required to develop those tools are easily applied to all kinds of situations.  In short, everyone can easily benefit from the Python skills that are certainly developed in this course,” says Medin.

The forthcoming SANS Pen Test Berlin 2014 is the largest dedicated training event for ethical hackers in Europe and runs at the Radisson Blu Hotel in Berlin from the 15th to the 21st of June. Across 6 days, attendees will participate in advanced penetration testing and ethical hacking courses led by SANS' globally renowned, expert instructors. Each evening, SANS will host a series of @Night talks and social functions across a wide range of subject areas.

Alongside SANS SEC573: Python for Penetration Testers, Pen Test Berlin 2014 will also host:

* SANS SEC760: Advanced Exploit Development for Penetration Testers with Stephen Sims
* SEC542: Web App Penetration Testing and Ethical Hacking with Pieter Danhieux
* SEC560: Network Penetration Testing and Ethical Hacking with James Lyne
* SEC575: Mobile Device Security and Ethical Hacking with Raul Siles

The courses provide essential preparation for a number of Global Information Assurance Certification (GIAC) exams including GIAC Penetration Tester (GPEN), GIAC Assessing and Auditing Wireless Networks (GAWN) and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo