Notes

1.Classify the different Categories of Penetration testing.
4.Illustrate the different types of penetration testing.
5.Discuss about penetration test and explain the need for repeated penetration testing.
7 Discuss the summary of types of methodologies about penetration test.
Penetration testing can exploit the vulnerabilities while a vulnerability scan
identifies the rank of vulnerability and report it.
Penetration testing is a protective and unauthorized effect of hacking into the computer system to find
the vulnerabilities from various viewpoints.
The white hat hackers perform penetration testing.
Penetration testing is of two types
External penetration test
Internal penetration test
An External penetration test is used to test the effectiveness of a security
system to detect and prevent the attacks
Internal penetration tests always assume that you have internal network
access. If you are worried that an employee of your organization could access the
unauthorized data, an internal pen test can provide valuable insight

Need for Penetration Testing
The goal of amateur or professional hacker is to steal the sensitive
data of your organization. They may be wanted to destroy your company,
or they may be after the money. Your company's reputation can be
negatively affected by one single incident of system downtime.

To secure your system, regular updating your password and window
firewall is not enough. Highly skilled hackers can easily access your
computer system.

Benefits of Penetration testing
Reveal Vulnerabilities
Show Real risks
Test Cyber-Defence Capability
Ensure Business Continuity
Follow certification
Maintain Trust

Types Of Penetration Testing
The different types of penetration testing include:
 Network Services
 Web Application
 Client Side
 Wireless
 Social Engineering
 Physical Penetration Testing

Network Service Penetration Testing
The main purpose is to identify the most exposed vulnerabilities and security
weaknesses in the network infrastructure (servers, firewalls, switches, routers,
printers, workstations, and more) of an organization before they can be
exploited.
Why Should You Perform A Network Service Penetration Test?
Network penetration tests should be performed to protect your business from
common network-based attacks including:
 Firewall Misconfiguration And Firewall Bypass
 IPS/IDS Evasion Attacks
 Router Attacks
 DNS Level Attacks:
o Zone Transfer Attacks
Database Attacks

Web Application Penetration Testing
Web application penetration testing is used to discover vulnerabilities or
security weaknesses in web-based applications. It uses different penetration
techniques and attacks with aims to break into the web application itself.

The typical scope for a web application penetration test includes web
based applications, browsers,

Why Should You Perform A Web Application Penetration Test?
to identify security weaknesses or vulnerabilities within the web based applications
and its components like Database, Source Code, and the back-end network
In software application development it’s considered best practice to
continuously improve the codebase.

Client Side Penetration Testing
1. Client side penetration testing is used to discover vulnerabilities or
security weaknesses in client side applications.
2. These could be a program or applications such as Putty, email clients,
web browsers (i.e. Chrome, Firefox, Safari, etc.), Macromedia Flash, and
others. Programs like Adobe Photoshop and the Microsoft Office Suite
are also subject to testing.

Why Should You Perform A Client-Side Penetration Test?
Client-side tests are performed to identify specific cyber-attacks including:
 Cross-Site Scripting Attacks
 Clickjacking Attacks
 Cross-Origin Resource Sharing (CORS)
 Form Hijacking
 HTML Injection
 Open Redirection
 Malware Infection

Wireless Penetration Testing
Wireless penetration testing involves identifying and examining the
connections between all devices connected to the business’s wifi. These devices
include laptops, tablets, smartphones, and any other internet of things (IoT)
devices.
Why Should You Perform A Wireless Penetration Test?
 Wireless communications are an invisibly running service that allows
data to flow in and out of the network.

Social Engineering Penetration Testing
Social engineering penetration testing is where a malicious actor attempts to
persuade or trick users into giving them sensitive information, such as a
username and password.
Common types of social engineering attacks used by pen testers include:
 Phishing Attacks
 Vishing
 Smishing
 Tailgating
 Imposters (i.e. Fellow Employees, External Vendors, or Contractors)
 Name Dropping
 Pre-texting
 Dumpster Diving
 Eavesdropping
 Gifts
Physical Penetration Testing
Physical penetration testing simulates a real-world threat whereby a pen tester
attempts to compromise physical barriers to access a business’s infrastructure,
building, systems, or employees.
Why Should You Perform A Physical Penetration Test?
, if a malicious actor is able to gain physical access to your server room then they
could own your network. Imagine the impact that might have on your business,
on your customers, as well as business partnerships.
The primary benefit of a physical penetration test is to expose weaknesses and
vulnerabilities in physical controls (locks, barriers, cameras, or sensors)

3. Write a detail about important terminologies in Hacking