Pen Testing
Penetration testing is an attempt to evaluate the security of information technology
infrastructure by safely trying to exploit the vulnerabilities which may exist in operating
systems, services and application flaws, improper configuration or risky end user
behaviour. It is also known as a pentest or ethical hacking.
It refers to the practice of testing a computer system, network or web application to
find security vulnerabilities that an attacker could exploit. Penetration testing can be
automated with software applications or performed manually.
The process involves:
Gathering information about the target before the test.
Identifying possible entry points.
Attempting to break in.
Reporting back the findings.
The main pen test strategies used by security professionals are:
Targeted testing:
It is performed together by the IT team and the penetration testing team of the organization. Since everyone can see the test being carried out, it is referred to as the "lights turned on" approach.
External testing:
It envisages a possible targeted attack on a company's externally visible servers
or devices, including domain name servers, email servers, web servers
or firewalls. The objective of this type of testing is to find out whether an
outside attacker can get access and the extent to which they can get access.
Internal testing:
It is carried out to estimate the extent of damage that could be caused by an authorized, disgruntled internal employee who has the necessary access privileges.
Blind testing:
This test simulates the actions and procedures of a real attacker by severely
limiting the information given beforehand to the person or team performing the
test, who start with minimal information about the organization on which the
pentest is carried out.
Double-blind testing:
This test takes the results of the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted.
Black box testing:
This test is basically the same as blind testing. The tester receives no
information before the test takes place and must find their own way into the
system.
White box testing:
This type of testing provides the penetration testers with information about the
target network, such as IP addresses, network infrastructure schematics, the
protocols used and the source code, before they start their work.
By VendanNotes