Workshop in English - UK at PHP Yorkshire 2018
Track Name:
Workshop track 3
Short URL: https://joind.in/talk/7b10e
(QR-Code (opens in new window))
I have been delivering pentesting courses to undergraduate and postgraduate students for several years, and have worked closely with professional pentesters and pentest brokers. The majority of students I teach will go into the CyberSecurity industry, obtaining employment as professionals within the sector for a wide range of well known (and not so well known) businesses and organisations.
This workshop is a necessarily short introduction to the work of a pentester. We will consider the legal requirements, the learning environments, the tools used, and then we will explore the basics of an actual pentest. We will reference the OWASP Top 10, but we will also look at the contents of a scoping document, and how to structure a pentest by selecting relevant ideas from a range of pentesting methodologies.
Comments
Comments are closed.
Good to see some of the tools used and methodology routes.
Of course only so much you can show in a 3 hour session but got a good balance to run with.
Great overview of penetrating covering many areas. Some tools I've not heard of but look really useful.
Clinton presented a great interactive tutorial, and is clearly very knowledgeable on the subject. We had a good exploration using the Samurai VM, using several tools to explore vulnerabilities in the test apps. Also included a good chunk of theoretical content too, and places to look for further information for more reading up. Nice!
Enjoyable session from a very knowledgeable presenter. Lots of good stories and examples from real life of various security breaches and failures.
I think what would have improved it would be more hands on work, as it was billed as a workshop. Although we set up the virtual machine, it seemed like we didn't actually use it that much, but that was what I was most looking forward to getting out of the session.
A great workshop, a nice introduction to pentesting from somebody who knows his stuff, and lots of talk on the bits that isn't what the media would have you think pentesting/hacking is, which is really appreciated.
A good workshop, Clinton is very knowledgeable. I personally would have liked a bit more of a hands-on workshop, but that probably wouldn't have worked as well for those who have had less exposure to the tools used. I think overall, Clinton found a good balance for everyone to get them introduced to the processes and tools used by the pen-testing community.