WIXLIB

Penetration TestingAbout the TutorialPenetration Testing is used to find flaws in the system in order to take appropriate securitymeasures to protect the data and maintain functionality. This tutorial provides a quickglimpse of the core concepts of Penetration Testing.AudienceThis tutorial has been prepared for beginners to help them understand the basics ofPenetration Testing and how to use it in practice.PrerequisitesBefore proceeding with this tutorial, you should have a basic understanding of softwaretesting and its related concepts.Copyright & Disclaimer Copyright 2018 by Tutorials Point (I) Pvt. Ltd.All the content and graphics published in this e-book are the property of Tutorials Point (I)Pvt. Ltd. The user of this e-book is prohibited to reuse, retain, copy, distribute or republishany contents or a part of contents of this e-book in any manner without written consentof the publisher.We strive to update the contents of our website and tutorials as timely and as precisely aspossible, however, the contents may contain inaccuracies or errors. Tutorials Point (I) Pvt.Ltd. provides no guarantee regarding the accuracy, timeliness or completeness of ourwebsite or its contents including this tutorial. If you discover any errors on our website orin this tutorial, please notify us at contact@tutorialspoint.comi

Penetration TestingTable of ContentsAbout the Tutorial . iAudience . iPrerequisites . iCopyright & Disclaimer . iTable of Contents . ii1.PENETRATION TESTING — INTRODUCTION . 1What is Penetration Testing? . 1Why is Penetration Testing Required? . 1When to Perform Penetration Testing? . 1How is Penetration Testing Beneficial? . 22.PENETRATION TESTING — PENETRATION TESTING METHOD. 3Steps of Penetration Testing Method . 3Planning & Preparation . 4Reconnaissance . 4Discovery . 4Analyzing Information and Risks . 4Active Intrusion Attempts . 5Final Analysis . 5Report Preparation . 53.PENETRATION TESTING — PENETRATION TESTING VS. VULNERABILITY ASSESSMENT . 6Penetration Testing . 6Vulnerability Assessment . 6Which Option is Ideal to Practice? . 74.PENETRATION TESTING — TYPES OF PENETRATION TESTING. 8Types of Pen Testing . 8ii

Penetration TestingBlack Box Penetration Testing . 8White Box Penetration Testing. 9Grey Box Penetration Testing . 9Areas of Penetration Testing . 105.PENETRATION TESTING — MANUAL AND AUTOMATED . 11What is Manual Penetration Testing? . 11Types of Manual Penetration Testing . 12What is Automated Penetration Testing? . 126.PENETRATION TESTING — PENETRATION TESTING TOOLS . 14What are Penetration Testing Tools? . 147.PENETRATION TESTING — INFRASTRUCTURE PENETRATION TESTING . 16What is Infrastructure Penetration Testing? . 16Types of Infrastructure Penetration Testing . 16External Infrastructure Testing . 17Internal Infrastructure Penetration Testing . 17Cloud and Virtualization Penetration Testing . 17Wireless Security Penetration Testing . 188.PENETRATION TESTING — PENETRATION TESTERS . 19Qualification of Penetration Testers. 19Role of a Penetration Tester . 209.PENETRATION TESTING — REPORT WRITING . 21What is Report Writing? . 21Report Writing Stages . 21Report Planning . 21Information Collection . 22iii

Penetration TestingWriting the First Draft . 22Review and Finalization . 22Content of Penetration Testing Report. 2310. PENETRATION TESTING — ETHICAL HACKING . 24Who are Ethical Hackers? . 24Who are Criminal Hackers? . 24What can Criminal Hackers do? . 24What are the Skill-Sets of Ethical Hackers?. 26What do Ethical Hackers do? . 26Types of Hackers . 2611. PENETRATION TESTING — PENETRATION TESTING VS. ETHICAL HACKING . 28Penetration Testing . 28Ethical Hacking . 2812. PENETRATION TESTING — LIMITATIONS . 3013. PENETRATION TESTING — REMEDIATION . 3214. PENETRATION TESTING — LEGAL ISSUES . 33iv

1.Penetration TestingPenetration Testing — IntroductionWhat is Penetration Testing?Penetration testing is a type of security testing that is used to test the insecurity of anapplication. It is conducted to find the security risk which might be present in the system.If a system is not secured, then any attacker can disrupt or take authorized access to thatsystem. Security risk is normally an accidental error that occurs while developing andimplementing the software. For example, configuration errors, design errors, and softwarebugs, etc.Why is Penetration Testing Required?Penetration testing normally evaluates a system’s ability to protect its networks,applications, endpoints and users from external or internal threats. It also attempts toprotect the security controls and ensures only authorized access.Penetration testing is essential because: It identifies a simulation environment i.e., how an intruder may attack the systemthrough white hat attack. It helps to find weak areas where an intruder can attack to gain access to thecomputer’s features and data. It supports to avoid black hat attack and protects the original data. It estimates the magnitude of the attack on potential business. It provides evidence to suggest, why it is important to increase investments insecurity aspect of technology.When to Perform Penetration Testing?Penetration testing is an essential feature that needs to be performed regularly forsecuring the functioning of a system. In addition to this, it should be performed whenever: Security system discovers new threats by attackers. You add a new network infrastructure. You update your system or install new software. You relocate your office. You set up a new end-user program/policy.1

Penetration TestingHow is Penetration Testing Beneficial?Penetration testing offers the following benefits:: Enhancement of the Management System: It provides detailed informationabout the security threats. In addition to this, it also categorizes the degree ofvulnerabilities and suggests you, which one is more vulnerable and which one isless. So, you can easily and accurately manage your security system by allocatingthe security resources accordingly. Avoid Fines: Penetration testing keeps your organization’s major activitiesupdated and complies with the auditing system. So, penetration testing protectsyou from giving fines. Protection from Financial Damage: A simple breach of security system maycause millions of dollars of damage. Penetration testing can protect yourorganization from such damages. Customer Protection: Breach of even a single customer’s data may cause bigfinancial damage as well as reputation damage. It protects the organizations whodeal with the customers and keep their data intact.2

2.Penetration TestingPenetration Testing — Penetration Testing MethodPenetration testing is a combination of techniques that considers various issues of thesystems and tests, analyzes, and gives solutions. It is based on a structured procedurethat performs penetration testing step-by-step.This chapter describes various steps or phases of penetration testing method.Steps of Penetration Testing MethodThe following are the seven steps of penetration testing:Planning & PreparationReconnaissanceDiscoveryAnalyzing information and risksActive intrusion attemptsFinal analysisReport Preparation3

Penetration TestingEnd of ebook previewIf you liked what you saw Buy it from our store @ https://store.tutorialspoint.com4

PENETRATION TESTING — LEGAL ISSUES .33. Penetration Testing 1 What is Penetration Testing? Penetration testing is a type of security testing that is used to test the insecurity of an application. It is conducted to fin