Penetration Testing

The intent of the Penetration Testing Knowledge Unit is to provide students with methods of discovering ways of exploiting vulnerabilities to gain access to a system.

Topics

  1. Attack Vectors
  2. Students should be able to plan, organize and perform penetration testing on a simple network.
  3. Enumeration, footprinting
  4. Identifying flaws from source code analysis
  5. Understanding flaws that lead to vulnerabilities

Outcomes

  1. Students should be able to plan, organize and perform penetration testing on a simple network.

KSA-T

Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.

Knowledge

| ID | Description |
|----|-------------|
| K0179 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). |
| K0160 | Knowledge of the common attack vectors on the network layer. |
| K0070 | Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). |
| K0089 | Knowledge of systems diagnostic tools and fault identification techniques. |
| K0106 | Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities. |
| K0177 | Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). |
| K0206 | Knowledge of ethical hacking principles and techniques. |
| K0342 | Knowledge of penetration testing principles, tools, and techniques. |
| K0119 | Knowledge of hacking methodologies. |
| K0572 | Knowledge of the functions and capabilities of internal teams that emulate threat activities to benefit the organization. |
| K0310 | Knowledge of hacking methodologies. |
| K0604 | Knowledge of threat and/or target systems. |
| K0430 | Knowledge of evasion strategies and techniques. |
| K0268 | Knowledge of forensic footprint identification. |
| K0272 | Knowledge of network analysis tools used to identify software communications vulnerabilities. |
| K0009 | Knowledge of application vulnerabilities. |

Skills

| ID | Description |
|----|-------------|
| S0051 | Skill in the use of penetration testing tools and techniques. |
| S0184 | Skill in analyzing traffic to identify network devices. |
| S0226 | Skill in identifying a target's network characteristics. |

Abilities

| ID | Description |
|----|-------------|
| A0086 | Ability to expand network access by conducting target analysis and collection to identify targets of interest. |
| A0093 | Ability to identify/describe techniques/methods for conducting technical exploitation of the target. |
| A0007 | Ability to tailor code analysis for application-specific concerns. |
| A0036 | Ability to identify basic common coding flaws at a high level. |
| A0092 | Ability to identify/describe target vulnerability. |

Tasks

| ID | Description |
|----|-------------|