Penetration Testing & It's Types
Hello friends, myself Gautam here. I have recently started my
internship at Inferno Infosec and along with that I have started writing
technical blogs at such a good platform. I will try to write
interesting blogs which will help our dear readers to gain good
knowledge of cyber security. Today, I am here with an interesting blog
on Penetration Testing.
Penetration testing also known as Pen testing aim to detect holes in the system and helps in making sure that the rightful security measures are in place to secure data and ensure functionality.
What is penetration testing?
Misconception in all over mind about penetration testing is Vulnerability tests are same as penetration tests but this is not true. Let me clear that thing first “Vulnerability tests are not the same as penetration tests”. Vulnerability tests are used for discover potential vulnerabilities present within the system.
Pen testing is all about determine what a real world hacker attack would be like. This is like a fire drill.
Why Penetration Testing is important?
Pen testing verifies the capability of a system to protect its applications, endpoints, networks and users against both external or internal threats. Also, it intent to secure the system controls and reject any attempt of unauthorized access.
Reasons why Penetration Testing is necessary?
· It admits Vulnerabilities in The Safe Environment
· It Helps You compute Vulnerabilities by Their Exploitability
· It Finds cuts in The Security Policy
· It Is enforced to Comply with Regulations & Standards
· It advice You Stay Up-To-Date Regarding the Risk Level
The purpose of penetration testing is to:
Reveal specific holes that live unknown even after vulnerability tests.
Expose the amount of the damage that could be done to the system.
Finds how well your employees (that are uninformed of the ongoing penetration) detect the attacks and counter to it.
Phases of a penetration test
· Reconnaissance – It is the process of gathering information before use any real attacks.
· Scanning – It is the process of determining the likely entry points into the target system.
· Port scanning: Checking the target for the information like live systems, open ports, various services running on the host.
· Vulnerability Scanning: Scanning the system for weaknesses or vulnerabilities which can be exploited.
· Gaining access – Attacker crush the system/network and he has to increase his privilege to higher level.
· Maintaining access – To grant the pen tester to remain in the targeted systems until he gathers what information he considers to be valuable and then manages to extract it successfully from the system.
· Covering tracks – To delete the digital signs left out by the pen tester during the previous stages of the test. These digital signs, in essence, prove the pen tester’s existence in the targeted computer system.
Different types of penetration testing?
We can classify penetration testing into three categories: black-box, white-box, and gray-box.
Black box testing
Black-box Pros :
· It requires little knowledge before begin.
· Execution action is similar to a real attacker. So, there is a high chance of finding real issues.
Black-box Cons :
· A tester was not having the same time as a real attacker could have for planning the attack.
· It would not cover all facet.
· Execution would edge to a high cost.
· Not a tool for PCI consent.
White box testing
White-box Pros
· It is bit more precise and detailed than the black box approach.
· Planning in this approach is simple. And execution is quick.
White-box Cons
· Significant time would be needed to get the system and prepare the data for analysis.
· Advanced tool execution would result in cost rise.
Gray-box testing
Gray-box Pros
· Low cost as compared to other Approach.
· The pen tester can achieve the same level of analysis as they would have got during the white box testing.
Gray-box Cons
Dependency on the customer to fix up information for pen testing to begin.
Stay tuned!!! Stay Home!!! Stay connected for more and more interesting articles.
Penetration testing also known as Pen testing aim to detect holes in the system and helps in making sure that the rightful security measures are in place to secure data and ensure functionality.
What is penetration testing?
Misconception in all over mind about penetration testing is Vulnerability tests are same as penetration tests but this is not true. Let me clear that thing first “Vulnerability tests are not the same as penetration tests”. Vulnerability tests are used for discover potential vulnerabilities present within the system.
Pen testing is all about determine what a real world hacker attack would be like. This is like a fire drill.
Why Penetration Testing is important?
Pen testing verifies the capability of a system to protect its applications, endpoints, networks and users against both external or internal threats. Also, it intent to secure the system controls and reject any attempt of unauthorized access.
Reasons why Penetration Testing is necessary?
· It admits Vulnerabilities in The Safe Environment
· It Helps You compute Vulnerabilities by Their Exploitability
· It Finds cuts in The Security Policy
· It Is enforced to Comply with Regulations & Standards
· It advice You Stay Up-To-Date Regarding the Risk Level
The purpose of penetration testing is to:
Reveal specific holes that live unknown even after vulnerability tests.
Expose the amount of the damage that could be done to the system.
Finds how well your employees (that are uninformed of the ongoing penetration) detect the attacks and counter to it.
Phases of a penetration test
· Reconnaissance – It is the process of gathering information before use any real attacks.
· Scanning – It is the process of determining the likely entry points into the target system.
· Port scanning: Checking the target for the information like live systems, open ports, various services running on the host.
· Vulnerability Scanning: Scanning the system for weaknesses or vulnerabilities which can be exploited.
· Gaining access – Attacker crush the system/network and he has to increase his privilege to higher level.
· Maintaining access – To grant the pen tester to remain in the targeted systems until he gathers what information he considers to be valuable and then manages to extract it successfully from the system.
· Covering tracks – To delete the digital signs left out by the pen tester during the previous stages of the test. These digital signs, in essence, prove the pen tester’s existence in the targeted computer system.
Different types of penetration testing?
We can classify penetration testing into three categories: black-box, white-box, and gray-box.
Black box testing
Black-box Pros :
· It requires little knowledge before begin.
· Execution action is similar to a real attacker. So, there is a high chance of finding real issues.
Black-box Cons :
· A tester was not having the same time as a real attacker could have for planning the attack.
· It would not cover all facet.
· Execution would edge to a high cost.
· Not a tool for PCI consent.
White box testing
White-box Pros
· It is bit more precise and detailed than the black box approach.
· Planning in this approach is simple. And execution is quick.
White-box Cons
· Significant time would be needed to get the system and prepare the data for analysis.
· Advanced tool execution would result in cost rise.
Gray-box testing
Gray-box Pros
· Low cost as compared to other Approach.
· The pen tester can achieve the same level of analysis as they would have got during the white box testing.
Gray-box Cons
Dependency on the customer to fix up information for pen testing to begin.
Stay tuned!!! Stay Home!!! Stay connected for more and more interesting articles.
3 Comments
Nice 👌 very interesting keep going 👏
ReplyDeleteExcellent keep it up
ReplyDeletePenetration testing is crucial for cybersecurity, and it's great to see how various penetration testing companies excel in different types of assessments. They play a vital role in keeping our digital world secure!
ReplyDelete