1 / 4

penetration testing...docx (1)

penetration testing

shana4
Download Presentation

penetration testing...docx (1)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. What are Stages & types of Penetration Testing? Penetration testing Certification is the art of finding vulnerabilities and digging deep to seek out what proportion a target can be compromised, just in case of a legitimate attack. A penetration test will involve exploiting the network, servers, computers, firewalls, etc., to uncover vulnerabilities and highlight the practical risks involved with the identified vulnerabilities. Stages of Penetration Testing Penetration testing Certification can be broken down into multiple phases; this will vary depending on the organization and the type of test conducted– internal or external. Let’s discuss each phase: ● Agreement phase. ● Planning and reconnaissance. ● Scanning. ● Gaining Access. ● Maintaining access. ● Exploitation. ● Evidence collection and report generation. WHY ARE PENETRATION TESTS Certification IMPORTANT? They can offer security personnel real expertise in dealing with an intrusion. A penetration test Certification should be done without informing workers and will allow management to check whether or not its security policies are truly effective. A penetration test Certification can be imagined much like a fire drill. It will uncover aspects of a security policy that are lacking. For example, several security policies provide a lot of focus on preventing and detecting an attack on management systems but neglect the process of evicting an attacker. You may uncover during a penetration testing that whilst your organization detected attacks, that security personnel couldn't attacker from the system in an efficient way before they caused damage. They provide feedback on the most at-risk routes into your company or application. Penetration testers think outside of the box, and will try to get into your system by any means possible, as a real-world attacker would.This could reveal immeasurable of major vulnerabilities your security or development effectively take away the

  2. team never considered.The reports generated by penetration tests Certification give you with feedback on prioritizing any future security investment. Penetration testing Certification reports can be used to help train to reduce mistakes.If developers can see however application or part of an application they'll help to develop, they will be very much more motivated towars their security education and avoid creating similar errors in the future. an outside attacker broke into an Types of Penetration testing based on knowledge of the target: Black Box When the attacker does not know the target, it is referred to as a black box penetration test. This type requires a lot of time and the pen-tester uses automated tools to find vulnerabilities and weak spots. White Box When the penetration tester is given the complete knowledge of the target, it is called a white-box penetration test. The attacker has complete knowledge of the IP addresses, controls in place, code samples, operating system details, etc. It requires less time when compared to black-box penetration testing. Grey Box When the tester is having half info about the target, it is referred to as gray box penetration testing. In this case, the attacker will have some knowledge of the target information like URLs, IP addresses, etc., but will not have complete knowledge or access. Types of Penetration testing based on the position of tester: • to as external penetration testing • the attacker is present inside the network, simulation of this scenario is referred to as internal penetration testing • Targeted testing is usually performed by the organization’s IT team and the Penetration Testing team working together • In a blind penetration test, the penetration tester is provided with no prior If the penetration test is conducted from outside the network, it is referred

  3. information except the organization name • In a double-blind test, at max, only one or two people within the organization might be aware that a test is being conducted Types of Penetration testing based on where it is performed: Network Penetration Testing Network Penetration Testing activity aims at discovering weaknesses and vulnerabilities related to the network infrastructure of the organization. It involves, firewall configuration & bypass testing, Stateful analysis testing, DNS attacks, etc. Most common software packages which are examined during this test include: o Secure Shell(SSH) o SQL Server o MySQL o Simple Mail Transfer Protocol(SMTP) o File Transfer Protocol Application Penetration Testing In Application Penetration Testing, penetration tester checks, if any security vulnerabilities or weaknesses are discovered in web-based applications. Core application components such as ActiveX, Silverlight, and Java Applets, and APIs are all examined. Therefore this kind of testing requires a lot of time. Wireless Penetration Testing In Wireless Penetration Testing, all of the wireless devices which are used in a corporation are tested. It includes items such as tablets, notebooks, smartphones, etc. This test spots vulnerabilities in terms of wireless access points, admin credentials, and wireless protocols. Social Engineering Social Engineering Test involves attempting to get confidential or sensitive information by purposely tricking an employee of the organization. You have two subsets here. • Remote testing – involves tricking an employee to reveal sensitive information via an electronic means

  4. information, like threaten or blackmail an employee Physical testing – involves the use of a physical means to gather sensitive Client-Side Penetration Testing The purpose of this type of testing is to identify security issues in terms of software running on the customer’s workstations. Its primary goal is to search and exploit vulnerabilities in client-side software programs. For example, web browsers (such as Internet Explorer, Google Chrome, Mozilla Firefox, Safari), content creation software packages (such as Adobe Framemaker and Adobe RoboHelp), media players, etc.

More Related