
Top 5 Penetration Testing Methodologies and Standards

   

Added on  2022-08-11

Running head: PEN TEST METHODOLOGY
Table of Contents
PEN TESTING METHODOLOGY COMPARISON
Statutory and legal consideration of a penetration tester
Standard Operating Procedure
Decision tree diagram
References
PEN TESTING METHODOLOGY COMPARISON
Three methodologies are considered for performing penetration testing: Black Box
Penetration Testing, White Box Penetration Testing and Grey Box Testing.
These methodologies vary in their operational processes. In Black Box penetration testing,
the consultant does not have any access to internal information and hence has no access to
the client's application network (Mehta, Raj and Singh 2018). The role of the consultant is
also important in the process. The reconnaissance process consists of obtaining the sensitive
knowledge needed to proceed. Black Box penetration testing is the most realistic testing
method. The time taken to detect an attack has been seen to be high, and the chances of
detecting the vulnerabilities are lower than with the other two testing methodologies.
Several security tools are present in the networking services, which may provide robustness
and security to the network (Stefinko, Piskozub and Banakh 2016). This prevents the network
from having its vulnerabilities exploited. However, there is an issue with this method: all
that is required to exploit a vulnerability is a variation in the settings or a connection
from a different browser version.
In Grey Box testing, by contrast, the level of access to the internal section of the network
is higher. Internal knowledge of the application falls under the category of the grey box
testing methodology. In black box testing, the testing process begins with the engagement
from an external viewpoint, whereas in grey box penetration testing some internal access is
already granted. Access to the logic flow charts is also provided in the grey box penetration
testing process. This outlook on the background gives the consultant a better understanding
of the scenario. The vulnerabilities that are present in the operational process are also
well stated. This helps the consultants to perform a better analysis of the vulnerabilities
that are present in the network system. The major difference between grey box and black box
penetration testing is that the consultants are able to create a more streamlined testing
process in grey box penetration testing. Hence the time required to perform grey box testing
is much lower than that of black box testing.
White box testing is mainly focused on providing proper security to the application, as it
has complete access to the application and system. The white box testing process ensures
complete access to the code of the application, so the consultant has open access to the
source code. The granting of high-level privilege is therefore one of the major advantages
of the white box testing process. The main reason for using the white box testing
methodology is the proper identification of potential weaknesses, namely logical
vulnerabilities. It also covers understanding the vulnerabilities present in the processing
of potential security exposures, along with poorly developed code. Where defensive areas are
lacking, this is also well understood. These are the major aspects that are considered.
Hence it can be stated that white box testing is the most efficient testing method. However,
there are issues with practicality in this testing method.