The Pen Test: Putting It All Together
This chapter includes questions from the following topics:
•  Describe penetration testing, security assessments, and risk management
•  Define automatic and manual testing
•  List pen test methodology and deliverables
I’ve been exceedingly blessed in my life, in a great many ways I don’t have the time or print space here to cover. I have had opportunities to travel the world and experience things many people just flat out don’t get to. In one of my travels I wound up in Florence, Italy, and decided to go see the statue of David. Even if you’re not familiar with the background of this sculpture, I’ll bet you’ve seen a replica of it somewhere—from garden art re-creations and store displays to one very cool episode of SpongeBob SquarePants, where he had to “BE the marble!” David was carved by Michelangelo sometime between 1501 and 1504 and is universally acclaimed as one of the greatest sculptures of all time. The statue now sits in a domed atrium within the Galleria dell’Accademia in Florence. It is truly an unbelievable experience to see this work of art, displayed in all its glory in a perfect setting within a beautiful gallery, and is definitely a highlight of any visit to Florence.
What made as big an impression on me, though, was the other, unfinished works of art from Michelangelo you had to pass by in order to get to the statue of David. There’s a giant hallway leading to the atrium that is literally packed, on the right and left, with sculptures he started but, for whatever reason, never finished. Walking down the hallway (at least in your imagination with me anyway), you’re surrounded by stonework that is simply amazing. Here, on the right, is a giant marble stone with half a man sticking out of the left side and chisel marks leading downward to something as yet unfinished. On the left we see the front half of a horse exploding out of a rough-hewn block of granite, the rest of the beautiful animal still buried in the story he never got to finish telling with the sculpture. Traveling down this long hallway, we see other works—a battle raging in one boulder, a face clearly defined and nearly expressionless looking out of a little, almost leftover piece of rock—displayed left and right for us to gape at.
These unfinished works weren’t crude by any means; quite the opposite. I stood there among the crowds racing to get a glimpse of monumental talent, marveling at how a man could take a big chunk of rock and shape and smooth it into something that looked so real. But these pieces weren’t finished, and it showed. There were giant scratch marks over areas that should have been smoothed on some of them, and a few sculptures that simply broke off because the rock itself cracked in two.
What has this got to do with this book, you may be asking? The answer, dear reader, is because we’ve all put a lot of work into this. We’ve chipped away at giant boulders of knowledge and are on the verge of finishing. No, I’m not making some crazed corollary to this book being some work of art (anyone who really knows me can attest that’s not my bag, baby), but I am saying we, you and I, are on the verge of something good here. Keep hacking away at that stone. Keep sanding and polishing. Sooner or later you’ll finish and have your statue to display—just don’t forget all the work you put into it, and don’t throw any of it away. I promise, you’ll want to go back, sometime later, and walk through your own hallway of work to see how far you’ve come.
This chapter is, admittedly, short and sweet. The questions and answers are easier (if memorizing terms is easy for you, that is), and the write-ups on what’s correct and what’s false will reflect that as well. Sure, I might sneak in a question from earlier in the book—just to see if you’re paying attention, and to wrap up terms EC-Council throws into this section—but these are all supposed to be about the pen test itself. We’ve already covered the nuts and bolts, so now we’re going to spend some time on the finished product. And, yes, you will see this stuff on your exam. I just hope that you’ll be so ready for it by then it’ll be like Michelangelo wiping the dust off his last polishing of the statue of David.
STUDY TIPS   Information covered in this chapter, that you’ll find on the exam, generally boils down to basic memorization. While that may sound easy enough to you, I think you’ll find that some of these terms are so closely related that questions on the exam referencing them will be confusing in the least—and most likely rage-inducing by the time the exam ends. Pay very close attention to the details and key words for definitions (in particular the insiders, outsiders, and affiliates definitions), and take the time to memorize the phases involved with a pen test and an actual attack itself. Lastly, and I think I’ve said this before, it’s sometimes easier to eliminate wrong answers than it is to choose the correct one. When you’re looking at one of these questions that seems totally out of left field, spend your time eliminating the answers you know aren’t correct. Eventually all that’s left must be the correct choice(s). After all, the mechanism scoring the test doesn’t care how you got to the answer, only that the right one is chosen.