Pentesting - Carrying out penetration tests
Satisfaction rate
4.8
Success rate
4.8
At the end of the course, the trainee will be able to put in place a procedure for carrying out intrusion tests.
The target audience for training
- CISO,
- Technicians,
- Auditors involved in pentesting, systems and network administrators.
Training programme
- Duration: 5 days
Day 1
Day 1 - Morning
- Objectives and detailed structure of the course.
- Definitions: pentest vs. security audit.
- Legal and regulatory framework: legal aspects, ethics and contractual scope.
- Fundamental principles of information security and the role of pentesting in risk management.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 1 - Afternoon
- Intrusion testing approaches and methodologies (OSSTMM, PTES, NIST, ISSAF).
- Defining the scope and planning a pentesting assignment.
- Intrusion test life cycle.
- Case study: analysis of a typical specification.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 2
Day 2 - Morning
- Passive recognition: searching for public information (OSINT).
- Target mapping: identification of exposed assets and services.
- Use of tools (Whois, Shodan, Maltego, etc.).
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 2 - Afternoon
- Active reconnaissance: network and vulnerability scans.
- Use of Nmap, Nessus, OpenVAS and associated tools.
- Practical exercises: mapping a network and identifying potential faults.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 3
Day 3 - Morning
- Vulnerability exploitation tests.
- Manual vs. automated operation.
- Introduction to Metasploit and associated frameworks.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 3 - Afternoon
- Intrusion tests on systems and network infrastructures.
- Penetration tests on web applications (SQLi, XSS, CSRF, LFI/RFI).
- Penetration tests on mobile applications.
- Practical exercises and labs.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 4
Day 4 - Morning
- Advanced techniques: elevation of privileges, pivoting, persistence.
- Social engineering tests (phishing, pretexting, USB drops).
- Physical security tests (local access, access control, badge cloning).
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 4 - Afternoon
- Post-intrusion validation and operation.
- Gathering evidence and securing results.
- Supervised Capture The Flag (CTF) exercises.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate what has been learnt.
Day 5
Day 5 - Morning
- Analysis and documentation of results.
- Writing a professional audit report (structure, level of detail, communication, etc.)
for decision-makers and technicians). - Feedback and communication of findings to management.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate the knowledge acquired.
acquired.
- Interactive quiz (30 min) on LMS with group correction to validate and consolidate the knowledge acquired.
Day 5 - Afternoon
- Corrective action plans and follow-up.
- Case studies and quizzes to assess skills acquired.
- Best practices for maintaining a continuous pentesting process within the organisation.
- Closing and final assessment.
- Attendance certificates are handed out and participants evaluate the course.
Trainer profile
Expert consultant-trainer in safety management, combining technical expertise, field experience and teaching know-how, whose technical, professional and teaching skills have been rigorously assessed and validated as part of our internal selection procedures.
Teaching methods and resources
The course is based on a balanced combination of theoretical and practical approaches, guaranteeing both the acquisition of knowledge and its operational application:
- Structured theoretical input, illustrated by practical examples tailored to the participants' professional context.
- Practical exercises and workshops at every stage to help you acquire the knowledge you need.
- A case study linking the different skill blocks.
- Strong interaction between trainers and trainees, making exchanges more concrete and in correlation with trainees' expectations.
- Full educational documentation, supplied in digital format.
- Course evaluation questionnaire at the end of the course, analysed by our teaching team.
- Certificate of acquired skills sent to the trainee at the end of the course.
- End-of-training certificate sent at the same time as the invoice to the company or funding organisation, confirming that the trainee has fully attended the session.
Training objectives
- Understanding the fundamentals and legal framework of pentesting.
- Understanding the different phases of an intrusion test.
- Use pentesting analysis tools and techniques.
- Simulate attacks.
- Writing a professional audit report.
Assessment method
- Practical exercises and workshops at every stage of the course.
- A case study linking the different skill blocks.
- Quiz at the end of each day's training.
- Self-assessment of knowledge acquired by trainees via a questionnaire
Training prerequisites
Knowledge of IT and information systems security.
- Language : French
- Level : Fundamental
- Certification body : ACG CYBERACADEMY
- Certification: No
- Accessibility : Yes
- Duration: 5 days
Important information:
Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).