what is penetration testing

What is Penetration Testing?

-blog.oureducation.in(sakshi soni)

Contents

• Introduction• Objectives• Types• How to Testing• Need of Testing

Introduction

• It is a proactive and authorized attempt to evaluate the security of an IT network infrastructure by attempting to exploit system vulnerabilities, including OS, service and application flaws, improper configurations, and risky end-user behaviour in a controlled manner.

• Such assessments are also useful in validating the efficiency of defensive mechanisms. It enhance the end-users’ adherence to security policies.

Objective

The objective of penetration testing is to determine security vulnerabilities. A penetration test can also be used to test an organization’s security policy. As well as employees’ security awareness and the organization’s ability to identify security incidents is also improved.

Types Targeted Testing: It is performed by the company’s IT team

and penetration testing team working together

External Testing: This type of test targets an organization’s externally visible servers or devices which includes domain name servers (DNS), e-mail servers, web servers etc.

Internal Testing: This test mimics an inside attack by an authorized user having standard access privileges.

Blind Testing: A blind test strategy includes the actions and procedures of a real attacker by severely limiting the detail given to the person who’s performing the test beforehand.

How To Perform It

• Penetration tests are typically performed using manual or automated technologies.

• Main Purpose is to systematically find compromise servers, endpoints, web applications, wireless networks and other potential points of exposure.

• After vulnerabilities have been successfully exploited on a system, testers attempt to use the compromised system to launch subsequent exploits at other resources.

• It is done by trying to incrementally achieve higher levels of security clearance and deeper access to electronic assets.

Penetration Testing Process

Need of Penetration Testing• To determine the feasibility of a particular set of attack vectors.• To identify the higher-risk vulnerability that results from a

combination of lower-risk weaknesses exploited in a particular sequence.

• To Identify those vulnerabilities that may be difficult to detect with automated network or application scanning software.

• For assessing the magnitude of potential business and operational impacts of attacks.

Functions Of Penetration Testing

For more information, you can visit following websites:

• http://blog.oureducation.in/cyber-security/

• http://blog.oureducation.in/email-hacking/

• http://blog.oureducation.in/ethical-hacking-a-shield-against-cyber-crime/

Thank You