why we need penetration testing

11
Penetration Penetration Testing Testing Need of Penetration Testing? Need of Penetration Testing?

Upload: jananya213

Post on 30-Dec-2015

31 views

Category:

Documents


0 download

DESCRIPTION

There are many reasons why organizations seriously need penetration testing, it can be extremely useful to people who wish to get extra reassurance when it comes to critical \nweb facing systems.Protection of sensitive data and information becomes important in any organizations. More @ http://testbytes.net/testing-services/penetration-testing/\n - PowerPoint PPT Presentation

TRANSCRIPT

Penetration Penetration TestingTesting

Need of Penetration Testing?Need of Penetration Testing?

What is Penetration Testing ?

A Penetration Testing, or sometimes Pentest

Is a software attack on a computer system that looks for security weaknesses,

Potentially gaining access to the computer's features and data.

Security issues that the penetration test uncovers should be reported to the system owner.

Penetration test reports may also assess potential impacts to the organization and suggest countermeasures to reduce risk.

Objectives / Goals of Penetration Testing are

Why we need Penetration Testing Team

There are many reasons for organizations should seriously consider performing penetration tests.

A penetration test is a highly specialized, security-specific validation of controls in place.

Penetration testing is really a form of QA that looks for flaws in network architecture and design, operating system and application configuration, application design, and even human behaviour as it relates to security policies and procedures.

This can range from testing network and application access controls, to software code and IT operational processes.

Advantages of a Penetration Advantages of a Penetration TestTest

Penetration testing can be extremely useful to people who wish to get extra reassurance when it comes to critical web facing systems.

However they can also be useful in a variety of other ways, such as:

a) Testing a System Administrator to see if he is keeping systems updated and secured.

b) Compliance & the Payment Card Industry (PCI), when operating an online payments system.

c) Risk reduction and risk mitigation factors for insurance or other industries.

d) Protection of Confidentially, Integrity and Availability (CIA triad) of data.

a) Testing a System Administrator to see if he is keeping systems updated and secured.

b) Compliance & the Payment Card Industry (PCI), when operating an online payments system.

c) Risk reduction and risk mitigation factors for insurance or other industries.

d) Protection of Confidentially, Integrity and Availability (CIA triad) of data.

Most Common Types of Penetration TestsMost Common Types of Penetration Tests

Two of the more common types of penetration tests are black box and white box penetration testing.

Black Box TestBlack Box Test, , no prior knowledge of the corporate system is given to the third party tester. This is often the most preferred test as it is an accurate simulation of how an outsider/hacker would see the network and attempt to break into it.

White Box Test, White Box Test, on the other hand is when the third party organisation is given full IP information, network diagrams and source code files to the software, networks and systems, in a bid to find weaknesses from any of the available information.

Common Measurements for Penetration TestingCommon Measurements for Penetration Testing

What kinds of metrics make sense for penetration testing and vulnerability assessments? For vulnerability assessments, common measurements to track include:

Number of vulnerabilities found;Number of vulnerabilities found; Criticality and types of vulnerabilities;Criticality and types of vulnerabilities; Percentage of systems and applications scanned;Percentage of systems and applications scanned; Number of “unowned” or questionable assets detected.Number of “unowned” or questionable assets detected.

For penetration tests, the key is a baseline:For penetration tests, the key is a baseline:

o How many critical vulnerabilities were found vs. the last How many critical vulnerabilities were found vs. the last test?test?

o User accounts and/or passwords compromised;User accounts and/or passwords compromised;o Data records accessed.Data records accessed.

A penetration test is useful service if your business can justify the A penetration test is useful service if your business can justify the expense and importance of having its web facing equipment expense and importance of having its web facing equipment properly secured. properly secured.

Rest assured that cybercrime is a growing problem, costing Rest assured that cybercrime is a growing problem, costing business and the government millions each year. business and the government millions each year.

The cyber criminals don’t look to be giving up anytime soon and The cyber criminals don’t look to be giving up anytime soon and with all this money to be made by them online, who’s to say your with all this money to be made by them online, who’s to say your business won’t be next?business won’t be next?

A penetration test is useful service if your business can justify the A penetration test is useful service if your business can justify the expense and importance of having its web facing equipment expense and importance of having its web facing equipment properly secured. properly secured.

Rest assured that cybercrime is a growing problem, costing Rest assured that cybercrime is a growing problem, costing business and the government millions each year. business and the government millions each year.

The cyber criminals don’t look to be giving up anytime soon and The cyber criminals don’t look to be giving up anytime soon and with all this money to be made by them online, who’s to say your with all this money to be made by them online, who’s to say your business won’t be next?business won’t be next?

ResourcesResources

http://testbytes.net/testing-services/penetration-testing/

http://searchsecurity.techtarget.com/magazineContent/How-to-pen-test-Why-you-http://searchsecurity.techtarget.com/magazineContent/How-to-pen-test-Why-you-need-an-internal-security-pen-testing-programneed-an-internal-security-pen-testing-program

http://bizsecurity.about.com/od/informationsecurity/a/Penetration-Testing-What-Is-http://bizsecurity.about.com/od/informationsecurity/a/Penetration-Testing-What-Is-It-Do-I-Need-It.htmIt-Do-I-Need-It.htm