PFTP TALKS

Recently Updated 20 June, 2021

penetration testing

What is penetration testing?

A penetration test is an authorized simulated attack performed on a computer system to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in your systems.

Benefits of penetration testing

  • Finding weaknesses in systems
  • Determining the robustness of controls
  • Supporting compliance with data privacy and security regulations (e.g., PCI DSS, HIPAA, GDPR)
  • Providing qualitative and quantitative examples of current security posture and budget priorities for management

Types of pen testing tools

  • Reconnaissance tools for discovering network hosts and open ports
  • Vulnerability scanners for discovering issues in network services, web applications, and APIs
  • Proxy tools (e.g., specialized web proxies or generic man-in-the-middle proxies)
  • Exploitation tools to achieve system footholds or access to assets
  • Post-exploitation tools for interacting with systems, maintaining and expanding access, and achieving attack objectives

Types of pen testing

  • Black box. The team doesn’t know anything about the internal structure of the target system. They act as hackers would, probing for any externally exploitable weaknesses.
  • Gray box. The team has some knowledge of one or more sets of credentials. They also know about the target’s internal data structures, code, and algorithms. Pen testers might construct test cases based on detailed design documents, such as architectural diagrams of the target system.
  • White box. For white box testing, pen testers have access to systems and system artifacts: source code, binaries, containers, and sometimes even the servers running the system. White box approaches provide the highest level of assurance in the least amount of time.

PAKISTAN FREELANCING TRAINING PROGRAM