Looks like no one added any tags here yet for you.
what is penetration testing?
pen test is the process of identifying security vulnerabilities in an application by evaluating the system with various malicious techniques
weak points are exploited
purpose of pen test
to secure important data from outsiders who have unauthorized access
what is a penetration tester referred to as?
ethical hacker
causes of vulnerabilities (5)
design and dev errors
poor system configuration
human error
connectivity
complexity
what is the biggest cause of vulnerability?
human error
why should we do penetration testing
to prevent major attacks like Wannacry
why is it unavoidable to do pen testing?
due to the recent scale and danger of cyber-attacks these days
what is pen testing mainly required for? (4)
financial or critical data
for software release cycles
secure user data
find vulnerabilities
why do big organizations look for PCI compliance before doing business with third parties?
to avoid loop holes left in a software system
what should be tested? (5)
software
hardward
network
processes
end-user behaviour
social engineering test
attempts to make a person reveal sensitive information
mostly done over the phone, internet, help-desks etc
network service test
** One of the most commonly performed pen test
openings in the network are identified and entry is made, this can be done locally or remotely
what are the three categories pen tests can be organized to?
black box
white box
grey box
black box pen test
tester assesses the target system, network or process without knowledge of its details
they have a high level of inputs
NO CODE IS EXAMINED
white box pen test
tester is equipped with complete details
examines code, design and dev errors - simulation of an INTERNAL attack
grey box pen test
tester has limited details about the target environment
simulation of EXTERNAL environment
three techniques to pen testing
Manual - social engineering, check design, logic and code
automated
combination - most common to get all vulnerabilities
penetration testing tools
automated tools identify standard vulnerabilities
tools can scan to check for malicious code
can verify security loopholes by examining data encryption and figuring out hard-coded values like passwords and usernames
criteria for selecting best penetration tool
easy to deploy
can system easily
categorize vulnerabilities
automate verification of vulnerabilities
re-verify the exploits
generated documentation
train test resources
Acunetix
pen testing tool that offers security professionals and software engineers alike a range of stunning features in an easy, robust package
Intruder
pen testing tool is a vulnerability scanner that finds cybersecurity weaknesses in a digital estate while explaining risks
Astra Pentest
pen testing tool that is compatible with any business across industries. They have scanners and teams of experts (pen testers)