8 quick tips for penetration testing
TRANSCRIPT
©2 0 1 5 C o r e S e c u r i t y
Tips for Penetra.on Tes.ng 8
©2 0 1 5 C o r e S e c u r i t y
TEST WELL OFTEN At least one per quarter or any 5me there is a significant change to your IT infrastructure. If this seems like it is too oAen, remember aDackers are tes5ng your IT infrastructure every single day.
2
1
©2 0 1 5 C o r e S e c u r i t y
THINK RISK Define your goals. Step back and ask, “What am I trying to protect? What are my cri6cal assets?” What if email goes down? How would it impact your business?
3
2
©2 0 1 5 C o r e S e c u r i t y
CHOOSE WISELY There are many capable, powerful tools out there, but some are easier to use than others. Buy one your team can use.
4
3
©2 0 1 5 C o r e S e c u r i t y
POLICY POLICE If a test takes your system down, you’ll want to ensure you were ac5ng within company policy and are prepared to implement a security incident response plan.
5
4
©2 0 1 5 C o r e S e c u r i t y
BE A KNOW-‐IT-‐ALL Iden5fy devices, applica5ons, databases, etc. The more you know about a target, the beDer chance you have of breaking in.
6
5
©2 0 1 5 C o r e S e c u r i t y
REMEDIATION ✓ The aDack path. A breach usually occurs when mul5ple vulnerabili5es connect across vectors. Start remedia5on efforts here.
7
6
©2 0 1 5 C o r e S e c u r i t y
E-‐Z SELF ASSESS If you pay a contractor to scan your website, you’re throwing out money. If your team doesn’t know how to do this, you have a problem a consultant can’t fix.
8
7
©2 0 1 5 C o r e S e c u r i t y
BE PARANOID BeDer to be safe than sorry. Take a look around your physical workspace, consider every poten5al event and procedures that could put assets at risk.
9
8
©2 0 1 5 C o r e S e c u r i t y
LEARN MORE ABOUT ATTACK INTELLIGENCE
Visit www.coresecurity.com to learn more about pen tes5ng and how we are reinven5ng vulnerability management.
10
GET MORE INFO