1
00:00:00,210 --> 00:00:06,360
So now when it comes to information security testing, the infrastructure of an organization is really

2
00:00:06,360 --> 00:00:06,990
important.

3
00:00:07,500 --> 00:00:12,330
So in this lecture, we are going to talk about some vulnerability assessment techniques.

4
00:00:12,870 --> 00:00:16,140
The first is security testing and evaluation.

5
00:00:16,590 --> 00:00:22,890
Now, the main goal of security testing and evaluation is to identify the threats that are present in

6
00:00:22,890 --> 00:00:23,480
the system.

7
00:00:23,820 --> 00:00:29,820
And you can measure the potential vulnerabilities that have been existing in the system so that the

8
00:00:29,820 --> 00:00:31,260
team can then patch them.

9
00:00:32,040 --> 00:00:39,060
Now, security testing and evaluation is another technique that can be used in identifying the information

10
00:00:39,060 --> 00:00:43,650
and communication systems vulnerabilities during the risk assessment process.

11
00:00:44,310 --> 00:00:53,100
Now it includes the development and execution of the test plan, test case, test scripts, test procedures

12
00:00:53,430 --> 00:00:54,990
and expected results.

13
00:00:55,650 --> 00:01:01,940
Now, the purpose of system security testing is to test the effectiveness of the system.

14
00:01:01,950 --> 00:01:10,920
How effective is the system against different cyber threats? And mostly security testing and evaluation,

15
00:01:10,920 --> 00:01:17,790
ST&E, is for ICT systems, that is, information and communication technology, ICT.

16
00:01:19,320 --> 00:01:28,260
Now, the objective of this security testing and evaluation is to ensure that the applied controls

17
00:01:28,410 --> 00:01:36,150
meet the approved security specification for the software and hardware and implement the organization's

18
00:01:36,150 --> 00:01:39,840
security policy or meet the industry standards.

19
00:01:40,260 --> 00:01:47,820
This is the main reason of security testing and evaluation, which is a first technique that we have

20
00:01:47,820 --> 00:01:50,130
seen under vulnerability assessment.

21
00:01:51,330 --> 00:01:55,610
Now, the next technique that we are going to see is penetration testing.

22
00:01:56,040 --> 00:01:59,910
I hope many of you have heard the term penetration testing

23
00:02:00,960 --> 00:02:09,300
while learning ethical hacking or cybersecurity. This is very common in today's companies, so you

24
00:02:09,300 --> 00:02:15,660
can see the testing here has external pen testing, blind pen testing, internal pen testing, and

25
00:02:15,960 --> 00:02:22,470
the penetration testing can be carried out on network services to wireless glines of applications and

26
00:02:22,680 --> 00:02:24,440
much more. So now,

27
00:02:24,450 --> 00:02:33,000
penetration testing can be used to complement the review of security controls and ensure that different

28
00:02:33,000 --> 00:02:36,240
facets of the ICT system are secured.

29
00:02:36,930 --> 00:02:43,380
Pen testing, also known as penetration testing and used in the risk assessment process, can be

30
00:02:43,380 --> 00:02:50,850
used to assess a system's ability to withstand intentional attempts to circumvent the system security.

31
00:02:51,630 --> 00:02:58,110
Now, let me tell you people, the main objective of pen testing is to test the system from the viewpoint

32
00:02:58,110 --> 00:03:04,230
of a threat source, which means when it comes to pen testing, the one who is going to test the system

33
00:03:04,230 --> 00:03:08,370
acts like he's the hacker and he's trying to hack the system.

34
00:03:08,370 --> 00:03:14,370
But he's an ethical hacker and he's being paid by the company to test the system.

35
00:03:15,090 --> 00:03:22,860
Now, to exploit it is important to know that to exploit a particular vulnerability, one needs to know

36
00:03:22,860 --> 00:03:27,600
the exact system and applications that are being tested on the system.

37
00:03:28,230 --> 00:03:36,120
Also, it is important to note that penetration testing tools and techniques can give false positives

38
00:03:36,120 --> 00:03:38,820
as well because they are automated tools.

39
00:03:38,820 --> 00:03:44,940
And unless and until someone or an expert ethical hacker verifies manually that the vulnerability

40
00:03:44,940 --> 00:03:45,630
is present,

41
00:03:45,930 --> 00:03:52,860
we cannot be so sure of, you know, telling the organization that the system is vulnerable.

42
00:03:53,400 --> 00:03:59,540
For example, if an automated system tells us that SQL injection is present and if you directly writing

43
00:03:59,550 --> 00:04:05,460
the report, but the organization's own hacker finds out that there is no such vulnerability present,

44
00:04:05,850 --> 00:04:08,290
then, you know, that's a bad practice.

45
00:04:08,610 --> 00:04:15,750
So what generally people do is they implement an automated tool to gather the results and then they test

46
00:04:15,750 --> 00:04:21,930
each test case against the system to actually verify the existence of the vulnerability.

47
00:04:23,010 --> 00:04:27,570
In such a case, the tested objects should be considered vulnerable as well.

48
00:04:28,230 --> 00:04:34,830
Now, when it comes to pen testing, there are three types of penetration tests: black box, white box

49
00:04:34,860 --> 00:04:37,320
and gray box. In black box,

50
00:04:37,530 --> 00:04:43,620
the hacker, or the ethical hacker particularly, has no knowledge about the system that he's going to hack.

51
00:04:43,920 --> 00:04:48,600
It is completely a blind box and he has no information.

52
00:04:48,600 --> 00:04:53,130
He's just given the IP address of the target system and he's about to hack.

53
00:04:53,550 --> 00:04:55,140
When it comes to white box,

54
00:04:55,410 --> 00:04:59,250
the ethical hacker has a good knowledge of the security infrastructure.

55
00:04:59,400 --> 00:05:02,070
He knows the firewalls, where they are placed.

56
00:05:02,070 --> 00:05:03,960
What is the address of the firewalls?

57
00:05:04,260 --> 00:05:09,570
What are the techniques implemented to avoid SQL injection, then the usernames and passwords of the

58
00:05:09,570 --> 00:05:10,290
default account.

59
00:05:10,290 --> 00:05:16,860
He knows everything, and when it comes to gray box, some information might be revealed and some may be

60
00:05:16,860 --> 00:05:19,500
hidden in order to test the security infrastructure.

61
00:05:19,830 --> 00:05:26,550
But if you ask me personally, the best way of testing is the black box pen testing because most

62
00:05:26,550 --> 00:05:33,660
of the ethical hackers or most of the cyber attacks that take place are in the case of black box because

63
00:05:33,660 --> 00:05:37,710
the hackers do not know about the security organization's infrastructure.

64
00:05:37,710 --> 00:05:41,970
And that is why having a black box pen testing is really important.

65
00:05:42,360 --> 00:05:49,390
But also make sure that you understand that black box testing takes a huge amount of time to discover

66
00:05:49,400 --> 00:05:52,290
vulnerabilities as compared to white box.

67
00:05:53,730 --> 00:05:55,000
So this was it

68
00:05:55,360 --> 00:06:02,400
when it comes to security assessment and testing. I hope you understood the fundamental concept of

69
00:06:02,400 --> 00:06:07,260
pen testing, and now in the next lecture we'll talk about a threat.

70
00:06:07,500 --> 00:06:09,120
What is the definition of threat?

71
00:06:09,120 --> 00:06:15,570
And we will also see the different types of threats, spooky students.