Penetration Testing
A penetration test or pen test, is an authorized simulated attack on a computer system, performed to evaluate the security of the system.
Pen testers aka ethical hackers essentially get paid to legally break into computers or devices.
Pen tests can be automated with software applications or they can be performed manually.
Ethical hacking steps
1. Planning and reconnaissance - Get documented permission and gather information.
2. Scanning - inspect code and how the system works.
3. Exploitation - get into the system and back out with information without being noticed.
4. Maintaining access - The goal of this step is to see if the vulnerability can be used to achieve a persistent presence in the exploited system.
5. Analysis - compile a report detailing:
-Specific vulnerabilities that were exploited
-Sensitive data that was accessed
-The amount of time the pen tester was able to remain in the system undetected
Penetration Testing Methods
External Testing - target the assets of a company that are visible on the internet.
Internal Testing - test with access to an application behind its firewall.
Blind Test - a tester is only given the name of the enterprise that’s being targeted. This gives security personnel a real-time look into how an actual application assault would take place.
Double Blind Test - security personnel have no prior knowledge of the simulated attack.
Targeted Testing - In this scenario, both the tester and security personnel work together and keep each other appraised of their movements.
The main objective of penetration testing is to determine security weaknesses.
No comments:
Post a Comment