What is Penetration Testing?

Penetration testing is a method of evaluating the security of an information system or network by simulating an attack to find vulnerabilities that an attacker could exploit.

Security measures are actively analyzed for design weaknesses, technical flaws and vulnerabilities.

A penetration test will not only point out vulnerabilities, but will also document how the weaknesses can be exploited.

The results are delivered in a comprehensive report to executive management and technical audiences.

Why Penetration Testing

Identify the threats facing an organization’s information assets.

Reduce an organization’s expenditure on IT security and enhance Return On Security Investment (ROSI) by identifying and remediating vulnerabilities or weaknesses.

Provide assurance with a comprehensive assessment of the organization’s security, including policy, procedure, design, and implementation.

Gain and maintain certification to an industry regulation.

Adopt best practices in compliance with legal and industry regulations.

Test and validate the efficacy of security protections and controls.

Guide changes or upgrades to the existing infrastructure of software, hardware, or network design.

Focus on high-severity vulnerabilities and emphasize application-level security issues to development teams and management.

Provide a comprehensive approach to the preparation steps that can be taken to prevent upcoming exploitation.

Evaluate the efficacy of network security devices such as firewalls, routers, and web servers.

Types of Penetration Testing

  • Black-Box

No prior knowledge of the infrastructure to be tested.

  • White-Box

Complete knowledge of the infrastructure that needs to be tested.

  • Grey-Box

Limited knowledge of the infrastructure that needs to be tested.

Phases of Penetration Testing

  • Pre-Attack Phase

Planning and preparation

Methodology designing

Network information gathering

  • Attack Phase

Penetrating perimeter

Acquiring target

Escalating privileges

Execution, implantation, retracting.

  • Post-Attack Phase

Reporting

Clean-up

Artifact destruction
