Assignment - Penetration Testing
Added on 2022-08-17
12 Pages2834 Words28 Views
|
|
|
Running head: PENETRATION TESTING
PENETRATION TESTING
Name of student
Name of university
Author’s note:
PENETRATION TESTING
Name of student
Name of university
Author’s note:
1
PENETRATION TESTING
Table of Contents
Introduction....................................................................................................................2
Discussion......................................................................................................................2
Penetration testing methodologies.............................................................................2
Ethical and legal issues of penetration tester.............................................................4
Decision making tree..................................................................................................6
Step 1: Intelligence gathering.....................................................................................7
Step 2: Vulnerability identification and analysis.......................................................7
Step 3: Target exploitation.........................................................................................8
Conclusion......................................................................................................................9
References....................................................................................................................10
PENETRATION TESTING
Table of Contents
Introduction....................................................................................................................2
Discussion......................................................................................................................2
Penetration testing methodologies.............................................................................2
Ethical and legal issues of penetration tester.............................................................4
Decision making tree..................................................................................................6
Step 1: Intelligence gathering.....................................................................................7
Step 2: Vulnerability identification and analysis.......................................................7
Step 3: Target exploitation.........................................................................................8
Conclusion......................................................................................................................9
References....................................................................................................................10
2
PENETRATION TESTING
Introduction
Penetration testing or pen testing and ethical hacking could be described to be the
practices of effective testing any system, web application or the network for discovering
various security vulnerabilities that could be exploited by the attackers. The penetration
testing could be effectively automated with the various software applications or even
performed manually. In both the ways, the procedures mainly includes the information
collecting regarding the target prior testing, discovering the various entry points, intending to
break in, and then reporting back all the findings. This report intends to discuss the main
steps associated with the penetration testing for searching the various vulnerabilities.
Discussion
Penetration testing methodologies
Penetration testing methodology can be described as manuals that are used for
conducting any security test on any system in any specific method. In the manuals written by
the various organization, provides the complete guideline for conducting any test. Any typical
methodology mainly involves the vulnerability assessment, data collection, actual exploit,
result analysis as well as the report preparation. The penTest methodology is particularly
effective for determining the success of any test. The reporting aspect of the test becomes
significantly convenient and precise to clients (Pozzobon et al. 2018). The pentest could
become significantly easy in conducting, and it helps in initiating the procedure ethically as
well as legally. The methodologies which could be utilised for executing the penetration
testing are:
OSSTMM: Open Source Security Testing Methodology Manual can be referred as the
manual based on the security testing as well as the analysis created by Pete Herzog. It is latest
complete version of Open Source Security Testing Methodology Manual. The concept of
PENETRATION TESTING
Introduction
Penetration testing or pen testing and ethical hacking could be described to be the
practices of effective testing any system, web application or the network for discovering
various security vulnerabilities that could be exploited by the attackers. The penetration
testing could be effectively automated with the various software applications or even
performed manually. In both the ways, the procedures mainly includes the information
collecting regarding the target prior testing, discovering the various entry points, intending to
break in, and then reporting back all the findings. This report intends to discuss the main
steps associated with the penetration testing for searching the various vulnerabilities.
Discussion
Penetration testing methodologies
Penetration testing methodology can be described as manuals that are used for
conducting any security test on any system in any specific method. In the manuals written by
the various organization, provides the complete guideline for conducting any test. Any typical
methodology mainly involves the vulnerability assessment, data collection, actual exploit,
result analysis as well as the report preparation. The penTest methodology is particularly
effective for determining the success of any test. The reporting aspect of the test becomes
significantly convenient and precise to clients (Pozzobon et al. 2018). The pentest could
become significantly easy in conducting, and it helps in initiating the procedure ethically as
well as legally. The methodologies which could be utilised for executing the penetration
testing are:
OSSTMM: Open Source Security Testing Methodology Manual can be referred as the
manual based on the security testing as well as the analysis created by Pete Herzog. It is latest
complete version of Open Source Security Testing Methodology Manual. The concept of
3
PENETRATION TESTING
modules are used by OSSTMM by defining them as the set of particular phases or the
processes that are applicable for each of the channels. It involves the operational security
metrics, security testing, the security analysis, operation trust metrics, trust analysis as well as
the crucial tactics for testing of security (Denis, Zena and Hayajneh 2016). The OSSTMM is
the peer-reviewed methodology used for conducting security testing. The updating of the
manual is done every six months for remaining connected to the present states of the security
testing. It has been claimed by the ISECOM that the main objective with OSSTMM is
providing the scientific procedure for accurate characterisation of the operations security that
could be used for the penetration testing, ethical hacking, as well as other security testing.
ISSAF: Information System Security Assessment Framework or ISSAF could be
considered as peer reviewed structured framework that helps in the categorisation of the
security assessment of information system within the various domains, plus specifies the
particular assessment or the testing conditions for every domain (Singh et al. 2018). It intends
to offer the inputs in fields on the security evaluation that reflects the real situations of life.
The utilisation of the ISSAF should be done primarily for fulfilling the security assessment
requirements of the organisation and might furthermore be utilised as the reference for
fulfilling the other needs of information security. The ISSAF involves the critical facet of the
security procedures as well as the assessment for gaining the overall idea of the
vulnerabilities that may exist. The information within the ISSAF has been organised into the
well-defined criteria of evaluation and each of which is reviewed. The primary goal of ISSAF
is providing the sole point of reference for conducting the security assessment. It has been
considered as the reference that has been closely associated with the real life issues of
security evaluation and that provides significant value suggestion for the businesses.
OWASP: Open Web Application Security Project or the OWASP could be described
as the online community who provides the freely-available methodologies, articles,
PENETRATION TESTING
modules are used by OSSTMM by defining them as the set of particular phases or the
processes that are applicable for each of the channels. It involves the operational security
metrics, security testing, the security analysis, operation trust metrics, trust analysis as well as
the crucial tactics for testing of security (Denis, Zena and Hayajneh 2016). The OSSTMM is
the peer-reviewed methodology used for conducting security testing. The updating of the
manual is done every six months for remaining connected to the present states of the security
testing. It has been claimed by the ISECOM that the main objective with OSSTMM is
providing the scientific procedure for accurate characterisation of the operations security that
could be used for the penetration testing, ethical hacking, as well as other security testing.
ISSAF: Information System Security Assessment Framework or ISSAF could be
considered as peer reviewed structured framework that helps in the categorisation of the
security assessment of information system within the various domains, plus specifies the
particular assessment or the testing conditions for every domain (Singh et al. 2018). It intends
to offer the inputs in fields on the security evaluation that reflects the real situations of life.
The utilisation of the ISSAF should be done primarily for fulfilling the security assessment
requirements of the organisation and might furthermore be utilised as the reference for
fulfilling the other needs of information security. The ISSAF involves the critical facet of the
security procedures as well as the assessment for gaining the overall idea of the
vulnerabilities that may exist. The information within the ISSAF has been organised into the
well-defined criteria of evaluation and each of which is reviewed. The primary goal of ISSAF
is providing the sole point of reference for conducting the security assessment. It has been
considered as the reference that has been closely associated with the real life issues of
security evaluation and that provides significant value suggestion for the businesses.
OWASP: Open Web Application Security Project or the OWASP could be described
as the online community who provides the freely-available methodologies, articles,
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents