Train like you play

Certifications are a great means by which you can climb up the learning curve and launch your web pen testing career. Chances are if you are reading this book, you have one or more of these specialized certifications already under your belt. Most certification blueprints walk the ethical hacker through the flow of a test, which closely mimics the Lockheed Martin Cyber Kill Chain ® (http://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html shown in the following figure). While these are not frameworks in name, they can provide a soup to nuts methodology that can be integrated and adapted for use in your own process.

The Cyber Kill Chain drives most of the attack and test methodologies, and forms the basis for most of the industry certifications.
Lockheed Martin is credited with having created the Cyber Kill Chain  in a paper called  Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains ( http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf).

Two leading international organizations, EC-Council and GIAC/SANS, established themselves as certification-focused organizations that have gained mindshare through qualifying security professionals, which, in turn, speaks well for their programs. Offensive Security (the creators/maintainers of Kali Linux) has also offered well-respected Kali-focused certifications that are revered for their practical testing approach.

上一章目录下一章