Why we need Penetration Testing

Penetration Testing: The Need for Penetration Testing



What is Penetration Testing?

A penetration test, sometimes called a pentest, is a software attack on a computer system that looks for security weaknesses, potentially gaining access to the computer's features and data. Security issues that the penetration test uncovers should be reported to the system owner. Penetration test reports may also assess potential impacts to the organization and suggest countermeasures to reduce risk.


Objectives / Goals of Penetration Testing are


Why we need Penetration Testing Team 

There are many reasons why organizations should seriously consider performing penetration tests.

A penetration test is a highly specialized, security-specific validation of controls in place. 

Penetration testing is really a form of QA that looks for flaws in network architecture and design, operating system and application configuration, application design, and even human behaviour as it relates to security policies and procedures. 

This can range from testing network and application access controls, to software code and IT operational processes.


Advantages of a Penetration Test

Penetration testing can be extremely useful to people who wish to get extra reassurance when it comes to critical web-facing systems. However, it can also be useful in a variety of other ways, such as:

a) Testing a System Administrator to see if he is keeping systems updated and secured.
b) Compliance & the Payment Card Industry (PCI), when operating an online payments system.
c) Risk reduction and risk mitigation factors for insurance or other industries.
d) Protection of Confidentiality, Integrity and Availability (CIA triad) of data.


Most Common Types of Penetration Tests

Two of the more common types of penetration tests are black box and white box penetration testing.

In a Black Box Test, no prior knowledge of the corporate system is given to the third-party tester. This is often the most preferred test, as it is an accurate simulation of how an outsider/hacker would see the network and attempt to break into it.

In a White Box Test, on the other hand, the third-party organisation is given full IP information, network diagrams and source code files for the software, networks and systems, in a bid to find weaknesses from any of the available information.


Common Measurements for Penetration Testing

What kinds of metrics make sense for penetration testing and vulnerability assessments?

For vulnerability assessments, common measurements to track include:

- Number of vulnerabilities found;
- Criticality and types of vulnerabilities;
- Percentage of systems and applications scanned;
- Number of “unowned” or questionable assets detected.

For penetration tests, the key is a baseline:

- How many critical vulnerabilities were found vs. the last test?
- User accounts and/or passwords compromised;
- Data records accessed.


A penetration test is a useful service if your business can justify the expense and importance of having its web-facing equipment properly secured. Rest assured that cybercrime is a growing problem, costing business and the government millions each year. The cyber criminals don’t look to be giving up anytime soon, and with all this money to be made by them online, who’s to say your business won’t be next?




