Ethical Hacking Pen Testing - Ethical Hacking

What is Ethical Hacking Penetration Testing?

Penetration testing is a method companies use to minimize security breaches: a professional is hired to try to hack the system and identify the loopholes that need to be fixed.

An agreement is mandatory before a penetration test is carried out. It specifies the following parameters:

  • The time of the penetration test
  • The location of the IP source of the attack, and
  • The penetration fields of the system
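
The following is an added example, not part of the original tutorial: it shows how the monitoring team can use the three agreement parameters to separate authorized test traffic from everything else. It assumes "penetration fields" means the in-scope target networks; the names `Agreement`, `classify` and `triage`, and all dates and addresses, are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Agreement:
    """The three parameters fixed by the agreement (hypothetical structure)."""
    start: datetime      # agreed test window, start
    end: datetime        # agreed test window, end
    source_nets: tuple   # networks the tester attacks from
    target_nets: tuple   # systems that are in scope (assumed meaning of "fields")

def classify(agreement, when, src, dst):
    """Return 'authorized-test' or the reason the event falls outside the agreement."""
    if not (agreement.start <= when <= agreement.end):
        return "outside-window"
    if not any(ip_address(src) in ip_network(n) for n in agreement.source_nets):
        return "unknown-source"
    if not any(ip_address(dst) in ip_network(n) for n in agreement.target_nets):
        return "out-of-scope-target"
    return "authorized-test"

# Constructed agreement, using documentation address ranges (RFC 5737).
AGREEMENT = Agreement(
    start=datetime(2024, 3, 4, 22, 0),
    end=datetime(2024, 3, 5, 4, 0),
    source_nets=("198.51.100.24/32",),
    target_nets=("203.0.113.0/28",),
)

# Constructed events: (timestamp, source IP, destination IP).
EVENTS = [
    (datetime(2024, 3, 4, 23, 15), "198.51.100.24", "203.0.113.5"),
    (datetime(2024, 3, 5, 9, 30), "198.51.100.24", "203.0.113.5"),
    (datetime(2024, 3, 4, 23, 20), "192.0.2.77", "203.0.113.5"),
    (datetime(2024, 3, 4, 23, 40), "198.51.100.24", "203.0.113.200"),
]

def triage(events=EVENTS, agreement=AGREEMENT):
    """Classify every event; anything not 'authorized-test' needs escalation."""
    return [classify(agreement, *event) for event in events]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, triage()):
        print(event[0].isoformat(), event[1], "->", event[2], verdict)
```

Only the first event matches the agreement on all three parameters; the other three are handled as real incidents until proven otherwise.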

Professional ethical hackers usually conduct penetration testing using commercial and open-source tools, automated tools, and manual checks. As many security flaws as possible need to be uncovered.

What are the different Types of Penetration Testing?

There are five types of penetration testing:

  • Black Box – In black-box penetration testing, the hacker has to find the information on his own. The hacker has no information about the infrastructure or the network of the organization being tested.
  • Grey Box – In grey-box testing, the ethical hacker has some knowledge of the infrastructure, such as information about the domain name server.
  • White Box – In white-box penetration testing, the ethical hacker is provided with all the infrastructure and network information required for the test.
  • External Penetration Testing – This testing concentrates on servers and their software, or on the network infrastructure. The hacker attacks over public networks through the internet. The company infrastructure is attacked through the company's websites, web servers and public DNS servers.
  • Internal Penetration Testing – The hacker conducts the tests from inside the company's network.

Penetration testing can cause problems such as system malfunction, system crashes, or data loss. Before going ahead with a penetration test, the company should consider the calculated risks. The risk is a management risk and is calculated as

RISK = Threat × Vulnerability

Example

An online e-commerce website has to undergo a penetration test before going live. Initially the pros and cons are weighed. Going ahead with the penetration test may cause service interruption. Not running the penetration test means running the risk of an unpatched vulnerability remaining as a threat.

The scope of the project needs to be written down before the penetration test. Be clear about what is to be tested. For instance:

  • Testing a particular VPN or any other remote access technique of a company
  • Testing the web servers of the databases for SQL injection attacks, and checking whether the web server is immune to DoS attacks

Quick Tips

Tips for going ahead with a penetration test:

  • Requirements need to be understood and the risks need to be evaluated.
  • A certified person needs to be hired to conduct the penetration test, as a certified professional is trained and well-equipped with all the possible methods and techniques to uncover network or web application loopholes.
  • An agreement needs to be signed before going ahead with a penetration test.
