Security Testing Essential Training
4h 21mIntermediate2025-07-30
Authors

Jerod Brennen
Security Architect, Advisor, Speaker, Teacher
Course details
Is your organization secure? In order to answer this question confidently, you need to perform testing to prove that it is indeed secure. However, not all security testing is the same. A risk assessment is not a vulnerability assessment; a penetration test won't measure compliance. For a successful career, a security analyst needs to understand the many different types of security testing and know when and how to implement them. This course with security architect Jerod Brennen provides the resources you need to set up a testing environment, plan assessments, identify targets, and begin executing security tests. Jerod also helps you analyze test results and draft a report of your findings. Plus, see popular testing framework tools in action, including Nmap, Nessus, Wireshark, Lynis, OWASP ZAP, Aircrack-ng, and hashcat, as run on a Kali Linux virtual machine.
Learning objectives
Differentiate between various types of security testing methodologies (risk assessments, vulnerability assessments, penetration tests, and compliance testing) and determine the appropriate application for each based on organizational needs and security objectives.
Create a comprehensive security testing plan that includes environment setup, target identification, assessment scheduling, and resource allocation using industry-standard frameworks and methodologies.
Execute security testing procedures using professional tools including Nmap for network discovery, Nessus for vulnerability scanning, Wireshark for traffic analysis, and OWASP ZAP for web application testing within a controlled Kali Linux environment.
Analyze security test results to identify vulnerabilities, assess risk levels, determine potential impact on organizational assets, and prioritize remediation efforts based on threat severity and business criticality.
Synthesize security assessment findings into professional reports that communicate technical vulnerabilities, business risks, and actionable recommendations to both technical teams and executive stakeholders in clear, concise language.
Learning objectives
Differentiate between various types of security testing methodologies (risk assessments, vulnerability assessments, penetration tests, and compliance testing) and determine the appropriate application for each based on organizational needs and security objectives.
Create a comprehensive security testing plan that includes environment setup, target identification, assessment scheduling, and resource allocation using industry-standard frameworks and methodologies.
Execute security testing procedures using professional tools including Nmap for network discovery, Nessus for vulnerability scanning, Wireshark for traffic analysis, and OWASP ZAP for web application testing within a controlled Kali Linux environment.
Analyze security test results to identify vulnerabilities, assess risk levels, determine potential impact on organizational assets, and prioritize remediation efforts based on threat severity and business criticality.
Synthesize security assessment findings into professional reports that communicate technical vulnerabilities, business risks, and actionable recommendations to both technical teams and executive stakeholders in clear, concise language.
Skills covered
Security TestingCybersecurityOne-Off
Concepts
0. Introduction
- 01 - The importance of security testing
- 02 - What you should know
1. Understanding Security Assessments
- 03 - Language is important
- 04 - Risk assessments
- 05 - Calculating risk score
- 06 - Security controls assessments
- 07 - NIST and ISO
- 08 - Compliance assessments
- 09 - Vulnerability assessments
- 10 - Penetration tests
- 11 - Goals of a pen test
- 12 - The security assessment lifecycle
2. Your Testing Environment
- 13 - The security tester's toolkit
- 14 - Kali Linux
- 15 - Nmap
- 16 - Nessus
- 17 - Wireshark
- 18 - Lynis
- 19 - Demo - Lynis
- 20 - CIS-CAT Lite
- 21 - Aircrack-ng
- 22 - hashcat
- 23 - OWASP ZAP
- 24 - Demo - OWASP ZAP
- 25 - Prowler
3. Planning Your Assessment
- 26 - Understanding your scope
- 27 - Improving over time
- 28 - Selecting your methodology
- 29 - Selecting your tools
- 30 - Basic assessment tools
- 31 - Advanced assessment tools
4. Review Techniques
- 32 - Documentation review
- 33 - Log review
- 34 - Log management tools
- 35 - Ruleset review
- 36 - System configuration review
- 37 - Demo - CIS-CAT
- 38 - Network sniffing
- 39 - Demo - Wireshark
- 40 - File integrity checking
5. Identifying Your Targets
- 41 - Network discovery
- 42 - Open source intelligence
- 43 - Network port and service identification
- 44 - Demo - Nmap
- 45 - Vulnerability scanning
- 46 - Determining severity
- 47 - Demo - Nessus
- 48 - Wireless scanning
- 49 - Wireless testing process
- 50 - Demo - Aircrack-ng
- 51 - Demo - Prowler
6. Vulnerability Validation
- 52 - Password cracking
- 53 - Demo - Hashcat
- 54 - Penetration test planning
- 55 - Penetration test tools
- 56 - Penetration test techniques
- 57 - Social engineering
- 58 - Demo - Social Engineer Toolkit (SET)
7. Additional Considerations
- 59 - Coordinating your assessments
- 60 - Data analysis
- 61 - Providing context
- 62 - Data handling
- 63 - Drafting your report
- 64 - Delivering your report
Conclusion
- 65 - Next steps
- 66 - Additional resources
Related courses
- Security Testing Essential Training (2022)
- Dynamic Application Security Testing (DAST) (2019)
- Static Application Security Testing (SAST) (2019)
- Penetration Testing Essential Training
- Penetration Testing Essential Training (2021)
- Raising Cybersecurity Awareness through Phishing Simulations
- API Test Automation with SoapUI
- Hashcat Essential Training
Related learn paths
- Explore a Career in Application Security
- Become a Penetration Tester
- Penetration Testing Professional Certificate
- Getting Started with Software Testing
- Getting Started with Continuous Integration / Continuous Delivery (CI/CD)
- Prepare for the CompTIA PenTest+ (PT0-001) Exam
- Prepare for the AZ-203 Developing Solutions for Microsoft Azure Exam
- Prepare for the Azure Developer Associate (AZ-204) Certification