Pentester Training – Practical Penetration Testing and IT Security
Level: Intermediate
Duration: 24h / 3 days
Date: Individually arranged
Price: Individually arranged
The Pentester – Practical Penetration Testing and IT Security training is a comprehensive workshop that prepares you to independently conduct security testing of applications, networks, and IT infrastructure. During the course, you will learn the key aspects of web, mobile, and operating system security, gain the ability to identify weak points, and effectively exploit vulnerabilities. Throughout the training, you will work with tools commonly used in the daily work of pentesters (Nmap, Wireshark, Burp Suite, Metasploit) and acquire knowledge aligned with industry best practices (including OWASP Top 10).
Who is this training for?
- IT specialists who want to start working in penetration testing
- System administrators and engineers who want to improve the security of their infrastructure
- Developers and architects of web and mobile applications
- People preparing for roles in cybersecurity or certifications such as CEH, OSCP
What You Will Learn
- How to understand application architecture and identify its weak points
- How to detect vulnerabilities in network services and web/mobile applications
- How to apply risk assessment models (STRIDE, DREAD, CVSS) in a security context
- How to use key pentesting tools (Nmap, Wireshark, Burp Suite, Metasploit)
- How to conduct penetration tests following the stages: planning, execution, reporting
- How to create recommendations and reports after tests in line with best practices
Training Program
- Day 1: Basics of Applications and Networks
  - Module 1: Understanding Application Functioning
    - Application workflow
    - Key application components
    - Typical communication issues between components (weak points)
  - Module 2: Network Services – Fundamentals
    - TCP/IP protocol
    - OSI model layers
    - Key network services and their use
    - Common vulnerabilities of network services
  - Module 3: Basics of Network Security
    - Network security models
    - Firewalls, IDS/IPS
    - Network segmentation
    - Common threats and detection methods
- Day 2: Risk Management and Application Security
  - Module 4: Risk Management in IT Security
    - Definition of risk
    - Risk identification and assessment methods
    - Risk assessment models:
      - STRIDE
      - DREAD
      - CVSS
  - Module 5: OWASP Top 10 – Application Security Approach
    - Overview of OWASP Top 10 threats
    - Application testing in the OWASP context
    - Examples of real-world vulnerabilities
  - Module 6: Penetration Testing of Network Infrastructure
    - Goals and scope of infrastructure penetration tests
    - Scanning techniques and weakness detection
    - Examples of attacks and analysis
- Day 3: Penetration Testing and System Security
  - Module 7: Windows System Security
    - Security settings and system policies
    - Permissions and access control management
    - Incident detection and response
  - Module 8: Basic Kali Linux Tools for Pentesters
    - Nmap
    - Wireshark
    - Burp Suite
    - Metasploit
    - Using tools in security testing
    - Practical usage scenarios
  - Module 9: Mobile Application Security
    - Security threats specific to iOS and Android
    - Mobile application testing methods
    - Client-side and server-side security
  - Module 10: Web Application Security
    - Web application architecture
    - Common attack points
    - Programming mistakes and common vulnerabilities
    - Tools and techniques for web application testing
  - Module 11: Conducting Penetration Tests (Pentests)
    - Stages of penetration testing:
      - Planning
      - Execution
      - Reporting
    - Ethical aspects of penetration testing
    - Documentation and post-test recommendations