Wednesday, November 23, 2011

What is Penetration Testing and Pen Testing Distribution?


Penetration Testing(Pen Testing) is the act of evaluating the Security of system or network by exploiting vulnerabilities. This will determine whether unauthorized or malicious activity is possible in a system. Vulnerability uncovered through the Pen Testing will be presented to the system's owner.


Why Penetration Testing?

  • Pentetration testing can identify the vulnerabilities that is not identified by an automated vulnerability scanners.
  • Determining the feasibility of a particular set of attack vectors
  • Determining the Critical Vulerabilities .
  • Assessing the magnitude of potential business and operational impacts of successful attacks
  • Testing the ability of network defenders to successfully detect and respond to the attacks
  • Testing stability of the system against the DDOS attack.



White Box vs Black Box vs Grey Box Testing:
Penetration testing can be performed in different ways. The methods can be classified into three types based on the knowledge about the System being tested.

White Box:
In white box testing, Pen Tester know everything about the system such as source code,network diagrams, ip addressing info.

White box testing simulates what might happen during an "inside job" or after a "leak" of sensitive information, where the attacker(malicious insider) has access to source code, network layouts, and possibly even some passwords.

Black Box:
Pen Tester test the system without prior knowledge about the system. This method is also known as Blind Testing . Black box testing simulates an attack from someone who is unfamiliar(malicious outsiders) with the system.

Grey Box:
In this method, Pen Tester partially know about the system.

Web application penetration testing:
This testing will be used to find the following web application vulnerabilities:

  • SQL Injection
  • XSS(Cross site Scripting)
  • Buffer overflow
  • Clickjacking
  • DDOS
Penetration Testing Tool:
Penetration Testing tools are used as part of a penetration test to automate certain tasks, improve testing efficiency, and discover issues that might be difficult to find using manual analysis techniques alone.

As a Penetration Tester, you will need lot of Penetration testing tools to test the Security of system. Searching ,downloading and installing the required software may take time. You can use a Penetration Testing Distribution instead.

What is Pen Testing Distribution?
Penetration Testing Distribution is an open source Operating System(Derived from Linux/BSD) that combines all required application for testing the security of system. It is specially developed for Security Professionals(Pen Testers/EthicalHackers/Forensic Officers...)
Eg: Backtrack 5 Linux .

What is the advantage of Penetration Testing Distribution?
All Required application for security test are gathered in a single Operating system. You don't need to search for application, Save your time. Penetration Testing Distribution are open source and free to use. You can install in pen drive and bring it anywhere.

Share This Article on Twitter/Facebook/Blog/Forum or Anywhere:


New Post Older Post Home
 

© Break The Security. Copyright 2008 All Rights Reserved Revolution Two Church theme by Brian Gardner Converted into Blogger Template by Bloganol dot com