What is Penetration Testing? – Penetration testing is a method of evaluating the security of an information system or network by simulating an attack to find out vulnerability that an attacker could exploit.
Security Measures are actively analyzed for design weaknesses, technical flaws and vulnerabilities.
A penetration test will not only point out vulnerabilities, but will also document how the weaknesses can be exploited.
The results are delivered comprehensively in a report, to executive management and technical audiences.
Why Penetration Testing
Identify the threats facing an organization’s information assets.
Reduce an organization’s expenditure on IT security and enhance Return On Security Investment(ROSI) by Identifying and remediating vulnerabilities or weaknesses.
Provide assurance with comprehensive assessment of organization’s security including policy, procedure, design, and implemention.
Gain and maintain certification to an Industry regulation.
Adopt best practices in compliance to legal and industry regulations.
For testing and validating the efficacy of security protections and controls.
For changing or upgrading existing infrastructure of software, hardware, or network design.
Focus on high-severity vulnerabilities and emphasize application-level security issues to development teams and management.
Provide a comprehensive approach of preparation steps that can be taken to prevent upcoming exploitation.
Evaluate the efficacy of network security devices such as firewalls, routers, and web servers.
Also Read: How to hack wifi using kali linux
Types of Penetration Testing
- Black-Box
No prior knowledge of the infrastructure to be tested.
- White-Box
Computer knowledge of the infrastructure that needs to be tested.
- Grey-Box
Limited knowledge of the infrastructure that needs to be tested.
Phases of Penetration Testing
- Pre-Attack Phase
Planning and preparation
Methodology designing
Network information gathering
- Attack Phase
Penetrating perimeter
Acquiring target
Escalating privileges
Execution, implantation, retracting.
- Post-Attack Phase
Reporting
Clean-up
Artifact destruction