Pentesting Do’s and Dont’s

Clinton Ingrams (13.Apr.2018 at 09:30, 3 hr )
Workshop at PHP Yorkshire 2018 (English - UK)

Rating: 5 of 5

I have been delivering pentesting courses to undergraduate and postgraduate students for several years, and have worked closely with professional pentesters and pentest brokers. The majority of students I teach will go into the CyberSecurity industry, obtaining employment as professionals within the sector for a wide range of well known (and not so well known) businesses and organisations.

This workshop is a necessarily short introduction to the work of a pentester. We will consider the legal requirements, the learning environments, the tools used, and then we will explore the basics of an actual pentest. We will reference the OWASP Top 10, but we will also look at the contents of a scoping document, and how to structure a pentest by selecting relevant ideas from a range of pentesting methodologies.

Who are you?

Claim talk

Talk claims have been moved to the new site.

Please login to the new site to claim your talk

Comments closed.


Rating: 5 of 5

13.Apr.2018 at 13:16 by Peter mcdonald (41 comments) via Web2 LIVE

Good to see some of the tools used and methodology routes.

Of course only so much you can show in a 3 hour session but got a good balance to run with.

Rating: 5 of 5

13.Apr.2018 at 13:34 by Scott Dutton (36 comments) via Web2 LIVE

Great overview of penetrating covering many areas. Some tools I've not heard of but look really useful.

Rating: 5 of 5

14.Apr.2018 at 11:28 by James Titcumb (280 comments) via Web2 LIVE

Clinton presented a great interactive tutorial, and is clearly very knowledgeable on the subject. We had a good exploration using the Samurai VM, using several tools to explore vulnerabilities in the test apps. Also included a good chunk of theoretical content too, and places to look for further information for more reading up. Nice!

Rating: 4 of 5

14.Apr.2018 at 21:15 by Iain Fogg (21 comments) via Web2 LIVE

Enjoyable session from a very knowledgeable presenter. Lots of good stories and examples from real life of various security breaches and failures.

I think what would have improved it would be more hands on work, as it was billed as a workshop. Although we set up the virtual machine, it seemed like we didn't actually use it that much, but that was what I was most looking forward to getting out of the session.

Rating: 5 of 5

14.Apr.2018 at 23:10 by Daniel Shaw (37 comments) via Web2 LIVE

A great workshop, a nice introduction to pentesting from somebody who knows his stuff, and lots of talk on the bits that isn't what the media would have you think pentesting/hacking is, which is really appreciated.

Rating: 5 of 5

15.Apr.2018 at 16:52 by Adam Prescott (7 comments) via Web2 LIVE

A good workshop, Clinton is very knowledgeable. I personally would have liked a bit more of a hands-on workshop, but that probably wouldn't have worked as well for those who have had less exposure to the tools used. I think overall, Clinton found a good balance for everyone to get them introduced to the processes and tools used by the pen-testing community.

© 2019