Reference no: EM132160281

Assignment - Need to review given article with 2 APA references.

What are the most important skills and methods needed for a good penetration tester? To answer this question, one must first understand the intended purpose of penetration testing before discussion skills and methods. Most security professionals know the purpose of a penetration or pen test is to mimic an attacker's action in the production environment in order for organizations to proactively identify and correct vulnerabilities before they can be exploited by black hat hackers. This is referred to as ethical hacking (Harwood, 2015, p. 192). But, do not forget that first and foremost, a fundamental skill is risk management. The ability to proactively identify, analyze, prioritize, and correct violations before they occur. It is also important for security professionals to understand how to design cost-effective controls mechanisms intended to manage the risks and achieve regulatory compliance requirements.

Additionally, it is obvious that security professional will need to possess knowledge of the inherent risks and weaknesses of the systems, software, and technology within their own organization, so they can effectively plan and perform the pen test. Many security professionals leverage leading practices and guidance such as ISO 27000, COBIT, NIST, or OWASP to develop their own pen testing procedures. Furthermore, skills with various security assessment tools are vital to performing the pen test. Very few pen tests are performed manually these days, and with so many security assessment tools available, one must understand how to utilize the capability of the tool to effectively perform the pen test.

One wrong filter selection within the tool could change the results of the entire test report. Regarding methods, there are many leading practice guidelines for performing the pen test. For example, PCI DSS, NIST SP 800-115, SANS, and OWASP to name a few, which follow similar approaches that include: Intelligence Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post Exploitation, and Reporting steps (Harwood, 2015, p. 293). According to OWASP (2018), there's even a Penetration testing framework that provides very comprehensive hands-on pen testing guidance, and lists usage of the testing tools specific to various assessment category (e.g., AS400, password cracking, enumeration, discovery & probing, network reconnaissance, cisco testing, citrix testing, voip security, etc.).

Another area that may be easily overlooked as an important aspect of being an effective pen tester, is continuously improving one's knowledge and capability through training. One cannot perform effective risk management, effectively design mitigating controls, or effectively utilize security assessment tools if they have not been properly trained. Technology is always changing and evolving, and it can be challenging to keep up, but continuous training is a foundation of success that all other skills and methodologies are built upon. How can Christians apply those skills without compromising biblical ethics? "And whatsoever ye do, do it heartily, as to the Lord, and not unto men; Knowing that of the Lord ye shall receive the reward of the inheritance: for ye serve the Lord Christ" (Colossians 3:23-24). Security professionals must do their work for the purpose of good; not evil. They must be the white hat hackers helping organizations to proactively identify and correct security vulnerabilities before the black hat hackers take advantage of those vulnerabilities. Christian security professionals are to be the like Jesus, and they are to be the light in a dark place, and salt of the world. References Harwood, Mike. (07/2015).

Internet Security: How to Defend Against Attackers on the Web, 2nd Edition [VitalSource Bookshelf version].

Attachment:- Assignment File.rar