IT Security/Threats/Testing
< IT Security | Threats
This lesson covers security testing.
Objectives and Skills
[edit | edit source]Objectives and skills for the security testing portion of Security+ certification include:[1]
- Explain the proper use of penetration testing versus vulnerability scanning.
- Penetration testing<ref>
- Verify a threat exists
- Bypass security controls
- Actively test security controls
- Exploiting vulnerabilities
- Vulnerability scanning
- Passively testing security controls
- Identify vulnerability
- Identify lack of security controls
- Identify common misconfigurations
- Intrusive vs. non-intrusive
- Credentialed vs. non-credentialed
- False positive
- Black box
- White box
- Gray box
- Penetration testing<ref>
Readings
[edit | edit source]Multimedia
[edit | edit source]- YouTube: Penetration Testing - CompTIA Security+ SY0-401: 3.8
- YouTube: Vulnerability Scanning - CompTIA Security+ SY0-401: 3.8