Operations security or OPSEC is a topic of security method for helping with the penetration testing workflow. In this course, OPSEC for Penetration Testers, you'll follow the story of a penetration tester that will test the security of a website. In each of the engagement phases, (pre-engagement, the penetration test itself, and post-engagement) the types of data and corresponding risks will be discussed. This includes communication with the stakeholders, a typical pen testers' work environment, as well as the tools being used. Throughout the course, the topics will cover the major scenarios penetration testers face in the real world. By the end of this course, you'll have an understanding of how OPSEC can fit into the penetration testing workflow.
Peter started out in the nineties as software engineer working on internet banking applications for various European financial institutions. Since 2004, he started specializing in pentesting complex and feature-rich web applications. Currently, he leads a global team of highly skilled and enthusiastic penetration testers as lead pentester.
Course Overview Hi everyone. My name is Peter Mosmans and welcome to my course OPSEC for Penetration Testers. I'm a lead penetration tester working for multiple companies around the globe. As a penetration tester, you test the security of other companies, other people but have you ever thought of what would happen if you were the target of somebody else's penetration test? In this course we're going to dive deeper into what operational security, or OPSEC, is, and how to apply that knowledge to the penetration testing workflow. Some of the major topics that we will cover include the three laws of OPSEC, setting up a secure penetration testing environment, identifying and mitigating risks while testing, securely wrapping up penetration testing engagements. By the end of this course you'll have a solid understanding of operational security, and know the risks you face while penetration testing. Before beginning the course you should be familiar with penetration testing in general. Knowledge of the command line and Linux is recommended but not completely necessary. I hope you'll join me on this journey to learn about operational security with the OPSEC for Penetration Testers course at Pluralsight.