Penetration Test (Part 2 of 2)

 








What is Penetration Testing?

Penetration testing, also known as a pentest, is an authorized simulated cyber attack used to ascertain a computer system's security state. It should not be confused with vulnerability assessment. This process identifies not only the weaknesses but also the strengths of a system, thus enabling full risk management.

A pen tester evaluates the cybersecurity of an organization using various techniques. This allows businesses to identify their weaknesses and determine whether a malicious actor would be able to exploit them to gain unauthorized access. Because there are several approaches to ethical hacking, any type of study involving deliberate simulation of an attack on a computer system falls under the broad definition of penetration testing.

Types of Penetration Tests

All pen tests fall under one of the following three categories:
  • White Box- In a white box test, the tester is provided with complete background information on the network and the system, along with network maps, source code and other materials. Internal and external vulnerabilities are then thoroughly evaluated, which saves time and minimizes the total engagement cost.

  • Gray Box- In this type of test, the tester is provided with limited knowledge of the target, such as the design and architecture of the internal network. Its main objective is to provide a focused and efficient assessment of a network's security, as opposed to a black box assessment.

  • Black Box- In this penetration test, the tester starts without any information from the client. These tests are faster because the tester has no knowledge of the internal systems, and completion of the task rests heavily on the tester's ability to identify and exploit flaws in the target's externally visible services. However, the biggest drawback is that vulnerabilities in the internal services may go unidentified if the testers are unable to penetrate the perimeter.

A penetration tester may also concentrate on one of the two primary areas for a variety of reasons:
  • External- The penetration tester starts "outside" of the network and tries to find a way to access the internal network.

  • Internal- The attacker begins within the network and concentrates on how much harm can be done from that privileged position and how quickly. 

Conclusion

In this part, we learnt about some penetration testing techniques; we will discuss them in detail in further parts.




















































