Notes
Notes - notes.io |
4.Illustrate the different types of penetration testing.
5.Discuss about penetration test and explain the need for repeated penetration testing.
7 Discuss the summary of types of methodologies about penetration test.
Penetration testing can exploit the vulnerabilities while a vulnerability scan
identifies the rank of vulnerability and report it.
Penetration testing is a protective and unauthorized effect of hacking into the computer system to find
the vulnerabilities from various viewpoints.
The white hat hackers perform penetration testing.
Penetration testing is of two types
External penetration test
Internal penetration test
An External penetration test is used to test the effectiveness of a security
system to detect and prevent the attacks
Internal penetration tests always assume that you have internal network
access. If you are worried that an employee of your organization could access the
unauthorized data, an internal pen test can provide valuable insight
Need for Penetration Testing
The goal of amateur or professional hacker is to steal the sensitive
data of your organization. They may be wanted to destroy your company,
or they may be after the money. Your company's reputation can be
negatively affected by one single incident of system downtime.
To secure your system, regular updating your password and window
firewall is not enough. Highly skilled hackers can easily access your
computer system.
Benefits of Penetration testing
Reveal Vulnerabilities
Show Real risks
Test Cyber-Defence Capability
Ensure Business Continuity
Follow certification
Maintain Trust
Types Of Penetration Testing
The different types of penetration testing include:
Network Services
Web Application
Client Side
Wireless
Social Engineering
Physical Penetration Testing
Network Service Penetration Testing
The main purpose is to identify the most exposed vulnerabilities and security
weaknesses in the network infrastructure (servers, firewalls, switches, routers,
printers, workstations, and more) of an organization before they can be
exploited.
Why Should You Perform A Network Service Penetration Test?
Network penetration tests should be performed to protect your business from
common network-based attacks including:
Firewall Misconfiguration And Firewall Bypass
IPS/IDS Evasion Attacks
Router Attacks
DNS Level Attacks:
o Zone Transfer Attacks
Database Attacks
Web Application Penetration Testing
Web application penetration testing is used to discover vulnerabilities or
security weaknesses in web-based applications. It uses different penetration
techniques and attacks with aims to break into the web application itself.
The typical scope for a web application penetration test includes web
based applications, browsers,
Why Should You Perform A Web Application Penetration Test?
to identify security weaknesses or vulnerabilities within the web based applications
and its components like Database, Source Code, and the back-end network
In software application development it’s considered best practice to
continuously improve the codebase.
Client Side Penetration Testing
1. Client side penetration testing is used to discover vulnerabilities or
security weaknesses in client side applications.
2. These could be a program or applications such as Putty, email clients,
web browsers (i.e. Chrome, Firefox, Safari, etc.), Macromedia Flash, and
others. Programs like Adobe Photoshop and the Microsoft Office Suite
are also subject to testing.
Why Should You Perform A Client-Side Penetration Test?
Client-side tests are performed to identify specific cyber-attacks including:
Cross-Site Scripting Attacks
Clickjacking Attacks
Cross-Origin Resource Sharing (CORS)
Form Hijacking
HTML Injection
Open Redirection
Malware Infection
Wireless Penetration Testing
Wireless penetration testing involves identifying and examining the
connections between all devices connected to the business’s wifi. These devices
include laptops, tablets, smartphones, and any other internet of things (IoT)
devices.
Why Should You Perform A Wireless Penetration Test?
Wireless communications are an invisibly running service that allows
data to flow in and out of the network.
Social Engineering Penetration Testing
Social engineering penetration testing is where a malicious actor attempts to
persuade or trick users into giving them sensitive information, such as a
username and password.
Common types of social engineering attacks used by pen testers include:
Phishing Attacks
Vishing
Smishing
Tailgating
Imposters (i.e. Fellow Employees, External Vendors, or Contractors)
Name Dropping
Pre-texting
Dumpster Diving
Eavesdropping
Gifts
Physical Penetration Testing
Physical penetration testing simulates a real-world threat whereby a pen tester
attempts to compromise physical barriers to access a business’s infrastructure,
building, systems, or employees.
Why Should You Perform A Physical Penetration Test?
, if a malicious actor is able to gain physical access to your server room then they
could own your network. Imagine the impact that might have on your business,
on your customers, as well as business partnerships.
The primary benefit of a physical penetration test is to expose weaknesses and
vulnerabilities in physical controls (locks, barriers, cameras, or sensors)
3. Write a detail about important terminologies in Hacking
|
Notes.io is a web-based application for taking notes. You can take your notes and share with others people. If you like taking long notes, notes.io is designed for you. To date, over 8,000,000,000 notes created and continuing...
With notes.io;
- * You can take a note from anywhere and any device with internet connection.
- * You can share the notes in social platforms (YouTube, Facebook, Twitter, instagram etc.).
- * You can quickly share your contents without website, blog and e-mail.
- * You don't need to create any Account to share a note. As you wish you can use quick, easy and best shortened notes with sms, websites, e-mail, or messaging services (WhatsApp, iMessage, Telegram, Signal).
- * Notes.io has fabulous infrastructure design for a short link and allows you to share the note as an easy and understandable link.
Fast: Notes.io is built for speed and performance. You can take a notes quickly and browse your archive.
Easy: Notes.io doesn’t require installation. Just write and share note!
Short: Notes.io’s url just 8 character. You’ll get shorten link of your note when you want to share. (Ex: notes.io/q )
Free: Notes.io works for 12 years and has been free since the day it was started.
You immediately create your first note and start sharing with the ones you wish. If you want to contact us, you can use the following communication channels;
Email: [email protected]
Twitter: http://twitter.com/notesio
Instagram: http://instagram.com/notes.io
Facebook: http://facebook.com/notesio
Regards;
Notes.io Team