What is penetration testing?

  • Question

  • Penetration testing is booming, but I want to know what penetration testing actually is!
    • Edited by india7214 Friday, December 14, 2018 6:50 PM
    Friday, December 14, 2018 6:49 PM

All replies

  • Hi india7214.

    A penetration test is an authorized simulated attack on a computer system, performed to evaluate the security of the system. The test is performed to identify both weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, thus enabling a full risk assessment to be completed.

    Bye.


    Luigi Bruno
    MCP, MOS, MTA, MCTS, MCSA, MCSE

    Friday, December 14, 2018 7:32 PM
  • In simple terms... It's the practice of testing a computer system, network or web application to find security threats / vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually.

    Penetration testing is also called pen testing or ethical hacking.

    Pen testing will be done on various levels:

    - Network Service Tests.
    - Web Application Tests.
    - Client Side Tests.
    - Wireless Network Tests.
    - Social Engineering Tests.

    Below are the possible vulnerabilities that can be identified using pen tests:

    • Design and development errors: There can be flaws in the design of hardware and software. These bugs can put your business-critical data at the risk of exposure.
    • Poor system configuration: This is another cause of vulnerability. If the system is poorly configured, then it can introduce loopholes through which attackers can enter into the system & steal the information.
    • Human errors: Human factors like improper disposal of documents, leaving the documents unattended, coding errors, insider threats, sharing passwords over phishing sites, etc. can lead to security breaches.
    • Connectivity: If the system is connected to an unsecured network (open connections) then it comes in the reach of hackers.
    • Complexity: The security vulnerability rises in proportion to the complexity of a system. The more features a system has, the more chances of the system being attacked.
    • Passwords: Passwords are used to prevent unauthorized access. They should be strong enough that no one can guess your password. Passwords should not be shared with anyone at any cost and passwords should be changed periodically. In spite of these instructions, at times people reveal their passwords to others, write them down somewhere and keep easy passwords that can be guessed.
    • User Input: You must have heard of SQL injection, buffer overflows, etc. The data received electronically through these methods can be used to attack the receiving system.
    • Management: Security is hard & expensive to manage. Sometimes organizations lag behind in proper risk management and hence vulnerability gets induced in the system.
    • Lack of training to staff: This leads to human errors and other vulnerabilities.
    • Communication: Channels like mobile networks, the internet and telephone open up scope for security theft.


    There are several good articles you can refer to:

    https://www.softwaretestinghelp.com/penetration-testing-guide/

    Hope this helps...





    Thursday, December 20, 2018 1:30 AM
  • Penetration testing is an art. You can find out a lot of techniques and understand all of the tools, but the reality is that software is complex, especially when you start putting a lot of software systems together.

    It’s that complexity that means that there is no one-size-fits-all solution when it comes to finding ways to get into systems.

    An attack that may work against one web server may not work for the same web server running on a different system.

    Sometimes, you can try a particular attack a number of times without success before it suddenly starts working and you find a way to break into the system.

    A skilled and successful penetration tester has not only the technical skills necessary to run the tools and understand what is happening, but also the creativity necessary to try different approaches.

    Penetration testing is a type of security testing that is used to test the insecurity of an application.

    Source: https://dlightdaily.com/penetration-testing/

    Wednesday, September 9, 2020 11:22 AM