I have been delivering pentesting courses to undergraduate and postgraduate students for several years, and have worked closely with professional pentesters and pentest brokers. The majority of students I teach will go into the CyberSecurity industry, obtaining employment as professionals within the sector for a wide range of well known (and not so well known) businesses and organisations.

This workshop is a necessarily short introduction to the work of a pentester. We will consider the legal requirements, the learning environments, the tools used, and then we will explore the basics of an actual pentest. We will reference the OWASP Top 10, but we will also look at the contents of a scoping document, and how to structure a pentest by selecting relevant ideas from a range of pentesting methodologies.


Comments are closed.

Good to see some of the tools used and methodology routes.

Of course only so much you can show in a 3 hour session but got a good balance to run with.

Scott Dutton at 13:34 on 13 Apr 2018

Great overview of penetrating covering many areas. Some tools I've not heard of but look really useful.

James Titcumb at 11:28 on 14 Apr 2018

Clinton presented a great interactive tutorial, and is clearly very knowledgeable on the subject. We had a good exploration using the Samurai VM, using several tools to explore vulnerabilities in the test apps. Also included a good chunk of theoretical content too, and places to look for further information for more reading up. Nice!

Iain Fogg at 21:15 on 14 Apr 2018

Enjoyable session from a very knowledgeable presenter. Lots of good stories and examples from real life of various security breaches and failures.

I think what would have improved it would be more hands on work, as it was billed as a workshop. Although we set up the virtual machine, it seemed like we didn't actually use it that much, but that was what I was most looking forward to getting out of the session.

Daniel Shaw at 23:10 on 14 Apr 2018

A great workshop, a nice introduction to pentesting from somebody who knows his stuff, and lots of talk on the bits that isn't what the media would have you think pentesting/hacking is, which is really appreciated.

Adam Prescott at 16:52 on 15 Apr 2018

A good workshop, Clinton is very knowledgeable. I personally would have liked a bit more of a hands-on workshop, but that probably wouldn't have worked as well for those who have had less exposure to the tools used. I think overall, Clinton found a good balance for everyone to get them introduced to the processes and tools used by the pen-testing community.