Penetration testing is a security audit process that evaluates an organization's security, infrastructure, networks and applications against internal and external threat actors. It is a helpful way to evaluate security policies and controls. The process involves actively evaluating security by simulating an attack similar to one a real attacker would carry out. The main objectives are to test and analyze design weaknesses, technical flaws and vulnerabilities.
Security Audit
A security audit checks whether an organization is following standard security policies and procedures.
Vulnerability Assessment
A vulnerability assessment focuses on discovering vulnerabilities in the system, but without any evidence that they can be exploited. It also lacks the information needed to evaluate how much damage they could cause to the system's security.
Compliance-Oriented Penetration Testing
This type of testing is driven by compliance requirements. It evaluates whether the organization meets the requirements of standards, frameworks, laws, acts, etc.
Red-Team-Based Penetration Testing
Red-team-based testing covers all areas of security testing. It includes assessing people, networks, applications and physical security.
Black-Box Testing
Limited knowledge about target
Requires a lot of research and information gathering
Resource and time consuming
White-Box Testing
Complete information about target
Less time and resource consuming
Bugs and vulnerabilities can be patched quickly
Gray-Box Testing
Combination of black-box and white-box testing
Usually limited information (depends on target scope)
Security testing and assessments are performed internally
Basic Skills of a Penetration Tester
Networking (most important)
Knowledge of firewalls, routers and intrusion detection systems
Open Source Techniques
Web servers, mail, SNMP stations and access devices
Operating system knowledge
Web application architecture (frontend-backend)
Ability to read, learn and improve every day