A nice presentation given at Hack3rCon 2010
The original videos can also be found here
- Purpose and goals of the pentest
(the customer may not know them, or may be wrong)
* What is running your business?
* attack vectors
* evaluate the controls
* potential vulnerabilities
* find real threats to the organization
* It must be a repeatable process and easy to explain
(the methodology is important)
* perhaps a security review can be done instead of a pentest
(a pentest in a really insecure place is not worth it)
* which targets can you attack, and how?
* what are you authorized to do versus the real world?
* Open Source Security Testing Methodology
* Crime Prevention Through Environmental Design
- Threat Source Analysis
* Funding, motivation and time
* reconnaissance (Google Maps :D)
* Wrap Up
- Real world examples
- Being caught by the police :D
- Recommended reading