International ICT Council

首页

国际讯息及通信科技协会

附属计划

登入

Software Freedom Day

Select Language
English \| 繁體中文 \| 简体中文 \| 日本語 \| 한국어

首页

国际认证

Information Security Penetration-testing Professio

考试大纲

Examination: Information System Penetrating - testing Professional
Examination Code: ICT- ISP²

Domain A: Legal, Obligation and Testing
Domain B: Preassessment and Discovery
Domain C: Network Penetration and Attack
Domain D: System Penetration
Domain E: Access Maintain and Anti-trace
Domain F: Evaluation and Reporting

A. Legal, Obligation and Testing

This domain address the obligation of a penetration tester and laws that affect organizations and personnel during the penetration testing.
Objectives:
Understand the responsibility of a penetration tester
Understand legal and ethics considerations should aware on a penetration test

B. Preassessment and Discovery

This domain encompasses preassessment, discovery and scanning stage of attack. Objectives:
Know the common Testing methodology and standards
Assess the appropriate targets and plan the penetration test
Gather information about the target network and its services with
- Online resources and search engine
- Information from physical asset and documents
- Social Engineering
Test systems and services for known vulnerabilities

C. Network Penetration and Attack

This domain focuses the techniques of network attack and remote exploit. It include the techniques target on TCP/IP network, Wireless network, Web application, Web Server and Database.
Objectives:
Understand and utilize the techniques of network attack and remote exploit:
- Denial-of-Service and Distributed Denial-of-Service
- Network traffic interception and manipulation
- Spoofing and session hijacking
- Cross-site scripting
- Sensitive information disclosure
- Insufficient or bypass of authentication
- Input data manipulation
- Application Session hijacking
- SQL injection
Discover and penetrate the wireless network

D. System Penetration

This domain focuses the techniques of system penetration and local exploit.
Objectives:
Understand and utilize the techniques of system cracking and local exploit
- Password cracking
- Buffer overflow
- Race condition
- Format string
- Cryptography usage
Understand how to gain further right and access more sensitive information after penetrate the target.

E. Access Maintain and Anti-trace

This domain centers the techniques for maintaining the access and cleaning the track. Objectives:
Understand and utilize the techniques including:
- Covering up tracks
- Log message removal
- Rootkit and backdoor
- Account modification
- Anti-forensics

F. Evaluation and Reporting

This domain relates to how to evaluate the finding and write a high level management summary,followed b technical findings and recommended corrective. It will explain the following area.
Objectives:
Evaluation report and judgment
Furture trends