Analisa dan Test Penetrasi Keamanan Teknologi Informasi

Modul 1: Security Analysis and Penetration Testing Methodology
Menjelaskan apa itu security analysis dan menerapkannya dalam bentuk proses penetration testing
Topik:
• Konsep security analysis
• Proses atau fase penetration testing
• Tipe dan metode penetration testing
Lab: -

Modul 2: TCP IP Packet Analysis
Menjelaskan dan menganalisa paket TCP/IP, sebagai dasar untuk security analysis
Topik:
• TCP/IP protocol
• OSI and TCP/IP models
• Network services
• TCP/IP security
Lab:
• Sniff the network
• Analyze incoming and outgoing packets

Modul 3: Pre-penetration Testing Steps
Melakukan fase pre-penetration testing, seperti pembuatan proposal, draft kontrak, menentukan waktu, metode, tipe penetration testing yang akan digunakan
Topik:
• Identifikasi tipe penetration testing
• Draft kontrak
• Role of Engagement (RoE)
Lab:
• Verify penetration testing templates

Modul 4: Information Gathering Methodology
Mencari dan mendapatkan informasi terkait target, seperti alamat url, IP address, daftar karyawan, dsb.
Topik:
• OSINT and SOCMINT
• Footprinting
• Social engineering
Lab:
• Extract a company’s information
• List Employees of the Company

Modul 5: Vulnerability Analysis
Melakukan vulnerability scan dan menganalisanya untuk bisa dieksploitasi
Topik:
• Vulnerability Assessment
• Vulnerability classification
• Vulnerability assessment tools
• Vulnerability report
Lab:
• Vulnerability scan
• Exploit vulnerability

Modul 6: External Penetration Testing Methodology
Melakukan penetration testing dari jaringan luar atau internet
Topik:
• Port scan and network scan
• OS fingerprint
• Banner grabbing
Lab:
• Check live systems and open ports
• Perform banner grabbing and OS fingerprinting
• Identify network vulnerabilities

Modul 7: Internal Network Penetration Testing Methodology
Melakukan penetration testing dari dalam (internal network)
Topik:
• Enumeration
• Network sniffing
• ARP poisoning
• Escalation privilege
Lab:
• Sniffing
• ARP poisoning
• SNMP enumerates
• Cracking password
• Escalation privilege

Modul 8: Perimeter Network Penetration Testing Methodology
Melakukan penetration testing terhadap perimeter network, termasuk testing terhadap security sistem yang digunakan (Firewall & IDS)
Topik:
• Perimeter network (DMZ)
• Konsep Firewall
• Konsep IDS dan Honeypots
Lab:
• HTTP tunneling
• Install KFSENSOR

Modul 9: Web Application Penetration Testing Methodology
Melakukan penetration testing terhadap web server dan web application
Topik:
• Konsep web server dan web application
• Komponen web services
• Web application threats
Lab:
• Banner grabbing
• Web application vulnerability scanning
• Parameter tampering
• Cracking web application password
• Directory traversal
• Cross site scripting

Modul 10: Database Penetration Testing Methodology
Melakukan penetration testing terhadap suatu database
Topik:
• Database server
• Google hack/dork
• Database penetration testing steps
Lab:
• Perfom google advanced searching
• Automated SQL injection using Havij and SQLmap

Modul 11: Wireless Network Penetration Testing Methodology
Melakukan penetration testing terhadap wireless network
Topik:
• Wireless penetration testing
• Wireless security threats
• Wireless penetration testing tools
Lab:
• Wireless attack using Aircrack-ng suite
• Wifite

Modul 12: Report Writing and Post Test Actions
Melakukan post-penetration testing seperti pembuatan laporan dan menghilangkan sisa-sisa/artefact yang dihasilkan dari fase penetration testing
Topik:
• Goal of penetration testing report
• Tipe penetration testing report
• Penetration testing report format
Lab:
• Verify penetration testing report template