Penetration Testing and Vulnerability Assessment

Penetration Testing, or pentest, is a process or method that is followed in order to conduct a strong security audit of an organization. It may be limited to a network security audit, an internal website security audit, a physical security audit or a social engineering audit, or it may cover the whole organization. The pentest should always be carried out according to a well-laid plan and a proper methodology. It should be a combination of rules, procedures and skills applied during the course of an information security audit.

It may also require implementing the required security features, such as a Web Application Firewall or an Intrusion Detection System (IDS), as the case may be.

Penetration testing can be classified into two types, depending on the user’s knowledge:

Black-Box Testing

White-Box Testing

Black Box Testing

Black Box Testing involves security checks against an operating system or an environment with which the penetration tester is not familiar and about which he doesn’t have much information. In most Black Box security audits, the attacker is at a remote location, without a full picture of the network internals. Once the test is complete, the penetration tester should prepare a detailed report of all the circumstances he faced, the ways through which he could get in, and the security measures that need to be taken in order to make the organization more secure.

White Box Testing

White Box Testing is also generally referred to as Internal Testing, as in most cases the penetration tester has access to the internal networks and has all the information related to the network. He also knows beforehand which technologies are being used in the organization, and he may then look for security issues in the applications in use.

The combination of both types of testing is also known as Grey-Box Testing.

Penetration Testing Methodologies

Even though penetration testing methodology may vary from person to person, there are some standard sets of methods defined, which can be used as a basis when conducting penetration tests on organisations.

