Exploring more on Penetration testing: how to do it and why to do - TopicsExpress



          

Exploring more on Penetration testing: how to do it and why to do it?
______________________________________________________

What is penetration testing?
-------------------------------------
Penetration testing is often called ‘pen testing’ or ‘security testing’. It is the practice of attacking a system with prior permission from its owner. The person who performs the testing is known as a penetration tester. A penetration tester attacks the system in the same way a hacker could. The only difference between a hacker and a penetration tester is that a hacker doesn’t sign any documents before an attack, while a penetration tester has to take care of many legal documents. Penetration testing can target anything: systems, web applications, networks, etc.

Why to perform penetration testing?
----------------------------------------------
During the development process, many loopholes are left behind. These loopholes are technically known as vulnerabilities. A vulnerability can be anything: a small one like a ‘weak password’ or a big one like ‘buffer overflows’. A penetration tester applies various tools and methods to find all the vulnerabilities. The loopholes could prove to be a setback for an organisation, as they could result in a data breach. Security breaches and service interruptions can cost an organisation financial losses. A recent edition of the FBI cyber-crime and security survey estimated an average cost of $350,424 for a data breach at a US company. The average cost has doubled over the last 2 years. CSI and FBI put the cost of a single data breach instance at $203,000.

How to do penetration testing?
---------------------------------------
Initially, many organisations used defensive security mechanisms comprising user access control, cryptography, IPS, intrusion detection systems and firewalls. The continuous evolution of the IT industry has outpaced these traditional methods.

Every day new vulnerabilities such as SQL injection are found, which makes them tough for organisations to handle. These days, large organisations employ a separate team of penetration testers who regularly perform penetration testing of their systems.

Penetration testing is usually performed on the following:
-------------------------------------------------------------------------
--> Intrusion detection systems testing
--> Firewalls testing
--> Password cracking testing
--> Social engineering testing
--> Web Application testing
--> SQL databases testing
--> Network routers and switches testing
--> Wireless and network testing
--> Denial of Service testing
--> Source code testing
--> Virtual private network testing
--> File integrity checking
--> SAP testing
Posted on: Thu, 07 Aug 2014 07:24:57 +0000
