Penetration Testing is a type of security testing that identifies possible security vulnerabilities within your application by using malicious techniques.
Here the application will be exploited for vulnerabilities through an authorized attack.
The purpose of Penetration Testing is to secure your data from malicious attacks.
Penetration Testing, also called a Pen Test, is a form of ethical hacking performed by the tester to make sure proper defensive measures are in place.
With so many cyber-attacks happening, penetration testing has become a must for organizations.
Back in 2003, Yahoo was affected by a data breach. Even organizations as big as Yahoo face these security threats.
No matter how secure you think your system is, hackers always find loopholes to penetrate it.
A pen test will make sure your critical business and financial data are secure. During a pen test, everything from software and hardware to networks will be tested.
The PTES (Penetration Testing Methodologies and Standards) has developed a basic penetration testing methodology, which consists of 7 steps. This methodology covers everything from pre-engagement and information gathering to exploitation and post exploitation.
Penetration Testing Types
There are 3 different types of penetration testing.
In this method, the tester assesses the target without any knowledge of the application. In other words, no code is examined.
In this method, the tester assesses the target with complete knowledge of it, such as systems, network, IP address, source code, OS, schema etc.
In this method, the tester has limited knowledge of the target environment.
Penetration testing can also be categorized into 5 types.
Network Service Tests – This is the most common type of pen test, which aims to discover the vulnerabilities in the network. This test can be done locally as well as remotely. The tester will examine,
Also software packages like,
Wireless Network Tests – This type of test analyzes the wireless devices deployed in the client environment. Wireless devices such as tablets, notebooks, laptops and smartphones are tested for vulnerabilities.
Web Application Tests – Web applications, browsers and their components are tested for security weaknesses and vulnerabilities.
Client Side Tests – Any software that has been installed on the client’s computer (employee workstation) is tested for security vulnerabilities.
Social Engineering Tests – In this type of test, the tester tries to obtain confidential, sensitive information from employees, such as passwords, by tricking them into revealing it. The purpose is to discover how weak and unsecured the information is against hackers.
Manual penetration testing
Automated penetration testing
Combination of manual and automation
Though penetration testing can be done manually, there are lots of open source and paid tools for automation. The following are some of the popular automation tools among penetration testers.
By Uma Raj
By Abishek Balakumar