SlideShare a Scribd company logo

Importance of Penetration Testing

V
Vandana Verma

This document discusses the importance of penetration testing education and provides information about cost-effective training options. It introduces the author, Jasmine Jackson, who has several security certifications and works as a penetration tester. Her blog, PassionForPentesting, was created in 2012 to showcase her skills and teach beginners about information security. The document then lists several free or low-cost training resources for penetration testing, including PentesterLab, OverTheWire, HackTheBox, Vulnerable By Design, PicoCTF, and OWASP projects. These resources provide vulnerable machines, wargames, capture the flag challenges, and other hands-on learning opportunities to help people learn penetration testing skills.

Technology
1 of 6
1
2
3
4
5
6
Importance of Penetration Testing Education JASMINE M JACKSON
Stats  Hometown: Berkeley, CA  Currently reside: Charlotte, NC  Masters in Computer Science, Graduate Certificate in Information Security and Privacy from University of North Carolina at Charlotte (UNCC)  Assistant Organizer of OWASP Charlotte Chapter  Have security certifications: GSEC, GWAPT, and currently studying for the OSCP  Currently work as a penetration tester
PassionForPentesting  Created the blog in 2012  Frustrated of not being in the information security field  Blog is an online portfolio that displays my skills in web applications security, forensics, etc., through write-ups.  Blog is also used to teach the absolute beginner about information security with cost-effective training options.
Cost-Effective Training Courses  PentesterLab (www.penesterlab.com)  Have different badges – essential, android, capture the flag, etc. This is $19.99/month  Also has a bootcamp portion - which is free  OverTheWire (www.overthewire.org/wargames)  Have different “wargames” in different topics – Unix (Bandit), Natas (Web-Security) – this is free  HackTheBox (www.hackthebox.eu)  Have different labs that are similar to the OSCP. Need to hack the registration screen to obtain product key. – this is free
Cost-Effective Training Courses cont’d  Vulnerable By Design (www.vulnhub.com)  Vulnerable machines with different levels of difficulty (easy, medium, and hard)  This is free  PicoCTF (www.picoctf.com)  Intended for high school students, but all are welcome (I have write-ups on PassionForPentesting.com)  Have different categories – forensics, web security, etc.  This is free  OWASP (www.owasp.org)  Have different projects (Juice Shop, Security Shepherd) that are useful for hacking  This is free
QUESTIONS?

More Related Content

PDF
WTF is Penetration Testing
Scott Sutherland
 
PDF
What is pentest
itissolutions
 
PDF
Butler
Thomas Butler, CISSP, CEH, CHFI, CISA, CPA, CIA
 
PDF
WTF is Penetration Testing
NetSPI
 
PPTX
Butler
Thomas Butler, CISSP, CEH, CHFI, CISA, CPA, CIA
 
PPTX
So you wanna be a pentester - free webinar to show you how
Joe McCray
 
PDF
Understanding the Importance of a Penetration Testing Course.pdf
HackerSchool
 
PDF
Building security into the pipelines
Vandana Verma
 
WTF is Penetration Testing
Scott Sutherland
 
What is pentest
itissolutions
 
Butler
Thomas Butler, CISSP, CEH, CHFI, CISA, CPA, CIA
 
WTF is Penetration Testing
NetSPI
 
Butler
Thomas Butler, CISSP, CEH, CHFI, CISA, CPA, CIA
 
So you wanna be a pentester - free webinar to show you how
Joe McCray
 
Understanding the Importance of a Penetration Testing Course.pdf
HackerSchool
 
Building security into the pipelines
Vandana Verma
 

More from Vandana Verma (17)

PPTX
Applying OWASP web security testing guide (OWSTG)
Vandana Verma
 
PDF
Running an app sec program with OWASP projects_ Defcon AppSec Village
Vandana Verma
 
PDF
SARCON Talk - Vandana Verma Sehgal
Vandana Verma
 
PDF
Sacon 2020 living in the world of zero trust v1.0
Vandana Verma
 
PDF
Addo 2019 vandana_dev_secops_culturalchange
Vandana Verma
 
PDF
App Sec village DevSecOps as a culture
Vandana Verma
 
PPTX
Oscp - Journey
Vandana Verma
 
PPTX
Web sockets - Pentesting
Vandana Verma
 
PPTX
Story of http headers
Vandana Verma
 
PPTX
Security audits & compliance
Vandana Verma
 
PPTX
Basics of Server Side Template Injection
Vandana Verma
 
PPTX
SIEM Vendor Neutrality
Vandana Verma
 
PPTX
Getting started with android
Vandana Verma
 
PPTX
Identity & access management
Vandana Verma
 
PPTX
Chariot generic presentation owaspwia_Infosecgirls
Vandana Verma
 
PDF
OWASP - Dependency Check
Vandana Verma
 
PDF
Incident response in Cloud
Vandana Verma
 
Applying OWASP web security testing guide (OWSTG)
Vandana Verma
 
Running an app sec program with OWASP projects_ Defcon AppSec Village
Vandana Verma
 
SARCON Talk - Vandana Verma Sehgal
Vandana Verma
 
Sacon 2020 living in the world of zero trust v1.0
Vandana Verma
 
Addo 2019 vandana_dev_secops_culturalchange
Vandana Verma
 
App Sec village DevSecOps as a culture
Vandana Verma
 
Oscp - Journey
Vandana Verma
 
Web sockets - Pentesting
Vandana Verma
 
Story of http headers
Vandana Verma
 
Security audits & compliance
Vandana Verma
 
Basics of Server Side Template Injection
Vandana Verma
 
SIEM Vendor Neutrality
Vandana Verma
 
Getting started with android
Vandana Verma
 
Identity & access management
Vandana Verma
 
Chariot generic presentation owaspwia_Infosecgirls
Vandana Verma
 
OWASP - Dependency Check
Vandana Verma
 
Incident response in Cloud
Vandana Verma
 
Ad

Recently uploaded (20)

PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Teaching material agriculture food technology
LiaRayya
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Ad

Importance of Penetration Testing

  • 1. Importance of Penetration Testing Education JASMINE M JACKSON
  • 2. Stats  Hometown: Berkeley, CA  Currently reside: Charlotte, NC  Masters in Computer Science, Graduate Certificate in Information Security and Privacy from University of North Carolina at Charlotte (UNCC)  Assistant Organizer of OWASP Charlotte Chapter  Have security certifications: GSEC, GWAPT, and currently studying for the OSCP  Currently work as a penetration tester
  • 3. PassionForPentesting  Created the blog in 2012  Frustrated of not being in the information security field  Blog is an online portfolio that displays my skills in web applications security, forensics, etc., through write-ups.  Blog is also used to teach the absolute beginner about information security with cost-effective training options.
  • 4. Cost-Effective Training Courses  PentesterLab (www.penesterlab.com)  Have different badges – essential, android, capture the flag, etc. This is $19.99/month  Also has a bootcamp portion - which is free  OverTheWire (www.overthewire.org/wargames)  Have different “wargames” in different topics – Unix (Bandit), Natas (Web-Security) – this is free  HackTheBox (www.hackthebox.eu)  Have different labs that are similar to the OSCP. Need to hack the registration screen to obtain product key. – this is free
  • 5. Cost-Effective Training Courses cont’d  Vulnerable By Design (www.vulnhub.com)  Vulnerable machines with different levels of difficulty (easy, medium, and hard)  This is free  PicoCTF (www.picoctf.com)  Intended for high school students, but all are welcome (I have write-ups on PassionForPentesting.com)  Have different categories – forensics, web security, etc.  This is free  OWASP (www.owasp.org)  Have different projects (Juice Shop, Security Shepherd) that are useful for hacking  This is free