Penetration Testing Overview

Technology Overview

In the Ethical Hacking environment, the most common term that often uses is “pentester.” Pentesters are the penetration tester that has permission to hack a system by owner. Penetration testing is the process of hacking a system with the permission from the owner of that system, to evaluate security, Hack Value, Target of Evaluation (TOE), attacks, exploits, zero-day vulnerability & other components such as threats, vulnerabilities, and daisy chaining.

Comparing Pentesting

Important for Penetration testing

If you want to be ready for an attack, you must be smart, to think like them, act like them. Hackers are skilled, having detailed information of hardware’s, software, networking and other related information. The need and importance of penetration testing, in the modern world where variously advanced threat such as Denial-of-service, Identity theft, theft of services, stealing information is common, system penetration ensure to counter the attack from malicious threat by anticipating methods. Some other major advantages and need for penetration testing is to uncover the vulnerabilities in systems and security deployments in the same way an attacker gains access: –

  • To identify the threats and vulnerabilities to organizations assets.
  • To provide a comprehensive assessment of policies, procedures, design, and architecture.
  • To set remediation actions to secure them before they are used by a hacker to breach security.
  • To identify what an attacker can access to steal.
  • To identify what information can be theft and its use.
  • To test and validate the security protection & identify the need for any additional protection layer.
  • Modification and up-gradation of currently deployment security architecture.
  • To reduce the expense of IT Security by enhancing Return on Security Investment (ROSI).
Comparing Blue & Red Teaming

Types of Penetration Testing

Three types of Penetration testing are important to be differentiated because a penetration tester may have asked to perform any of them.

Black Box

The black box is a type of penetration testing in which the pentester is blind testing or double-blind testing, i.e. provided with no prior knowledge of the system or any information of the target. Black boxing is designed to demonstrate an emulated situation as an attacker in countering an attack.

Gray box

Gray box, is a type of penetration testing in which the pentester has very limited prior knowledge of the system or any information of targets such as IP addresses, Operating system or network information in very limited. Gary boxing is designed to demonstrate an emulated situation as an insider might have this information and to counter an attack as the pentester has basic, limited information regarding target.

White box

The white box is a type of penetration testing in which the pentester has complete knowledge of system and information of the target. This type of penetration is done by internal security teams or security audits teams to perform auditing.

Phases of Penetration Testing

Penetration testing is a three-phase process.

  1. Pre-Attack Phase
  2. Attack Phase
  3. Post-Attack Phase
Penetration Testing Phases

Security Testing Methodology

There are some methodological approaches to be adopted for security or penetration testing. Industry-leading Penetration Testing Methodologies are: –

  • Open Web Application Security Project (OWASP)
  • Open Source Security Testing Methodology Manual (OSSTMM)
  • Information Systems Security Assessment Framework (ISAF)
  • EC-Council Licensed Penetration Tester (LPT) Methodology

Mind Map

Total
0
Shares
Leave a Reply

Your email address will not be published.

Related Posts