What is Penetration Testing and How Does It Work? -
Added on 2022-08-20
12 Pages2793 Words15 Views
|
|
|
Running head: PENETRATION TESTING
PENETRATION TESTING
Name of the Student
Name of the University
Author Note:
PENETRATION TESTING
Name of the Student
Name of the University
Author Note:
PENETRATION TESTING1
Table of Contents
Introduction..........................................................................................................................2
Different Penetration Testing Methodologies.....................................................................2
Statutory and ethical considerations of a penetration tester................................................4
Standard Operating Procedure.............................................................................................5
Decision-Making Tree.........................................................................................................6
Conclusion...........................................................................................................................8
References..........................................................................................................................10
Table of Contents
Introduction..........................................................................................................................2
Different Penetration Testing Methodologies.....................................................................2
Statutory and ethical considerations of a penetration tester................................................4
Standard Operating Procedure.............................................................................................5
Decision-Making Tree.........................................................................................................6
Conclusion...........................................................................................................................8
References..........................................................................................................................10
PENETRATION TESTING2
Introduction
Penetration testing methodologies stand out to be vital for the firm as they help in testing
operational security of the given physical location. In addition, this can be used for human
security testing, physical security testing, telecommunication security test and network data
testing. There is need for having pen testing methodologies in most of the firm as it helps in
identification of vulnerabilities and threat in the given environment (Baloch 2017). In other
words, penetration testing can be state as the kind of security testing which aim to uncover
various kind of vulnerabilities, risks and threats in various software application. All these can be
used by attacked in case of exploitation. The main purpose of pen test is all about analyzing the
security vulnerabilities found in the system (Shaukat et al. 2016). The ultimate goal of
penetration testing is all about enhancing the overall security of the network.
The report focus on pen testing methodologies and different steps which have asked to
complete in this assignment. In the report, an analysis has been done with respect to penetration
testing methodologies with the intention of carrying out penetration testing. The mere focus is all
about finding the vulnerabilities in SOP for pen testing and decision making tree.
Different Penetration Testing Methodologies
With respect to vulnerabilities of web application, there are mainly three kind of pen test
which can be used like
Black Box testing: The attacker does not have knowledge about the target, which is also
known as black-box penetration testing. It merely requires huge amount of time, and pen tester
can make use of different kind of automated tools in order to find out the vulnerabilities and
weak areas (Dawson and McDonald 2016). Black-box penetration testing helps in determining
Introduction
Penetration testing methodologies stand out to be vital for the firm as they help in testing
operational security of the given physical location. In addition, this can be used for human
security testing, physical security testing, telecommunication security test and network data
testing. There is need for having pen testing methodologies in most of the firm as it helps in
identification of vulnerabilities and threat in the given environment (Baloch 2017). In other
words, penetration testing can be state as the kind of security testing which aim to uncover
various kind of vulnerabilities, risks and threats in various software application. All these can be
used by attacked in case of exploitation. The main purpose of pen test is all about analyzing the
security vulnerabilities found in the system (Shaukat et al. 2016). The ultimate goal of
penetration testing is all about enhancing the overall security of the network.
The report focus on pen testing methodologies and different steps which have asked to
complete in this assignment. In the report, an analysis has been done with respect to penetration
testing methodologies with the intention of carrying out penetration testing. The mere focus is all
about finding the vulnerabilities in SOP for pen testing and decision making tree.
Different Penetration Testing Methodologies
With respect to vulnerabilities of web application, there are mainly three kind of pen test
which can be used like
Black Box testing: The attacker does not have knowledge about the target, which is also
known as black-box penetration testing. It merely requires huge amount of time, and pen tester
can make use of different kind of automated tools in order to find out the vulnerabilities and
weak areas (Dawson and McDonald 2016). Black-box penetration testing helps in determining
PENETRATION TESTING3
the vulnerabilities in the given system, which can be exploited just outside the network. Black-
box penetration testing completely depends on dynamic analysis of the present program within
the target networks. Black-box penetration tester needs to be familiar with the automated
scanning tools and methodologies needed for manual penetration testing. Black box penetration
tester also comes up with the capability of creating their own mind map for the target network.
This is completely based on observation as no kind of diagram is provided to them. As only
limited knowledge is allowed to penetration tester, which makes the black –box penetration test
as quickest to run (Casola et al. 2018). The duration of the assignment completely depends on
the ability of tester for locating and exploiting any kind of vulnerabilities. One of the biggest
drawback of this is that the tester cannot breach the given perimeter.
White Box: It comes up with series of names like clear-box, open-box and logic-driven
testing. It merely falls on the opposite side of the spectrum that is black-box testing where
penetration tester are provided with complete access to different source code. One of the biggest
challenges with white-box testing is the massive amount of data that helps in identifying the
weakness (Robertson 2016). This stand out to be as one of the time-consuming kind of
penetration testing. White-box tester comes up with the ability of doing the static code analysis.
This merely makes much familiar with the source code analyzer, debugger. Much similar kind of
tools are found to be vital for white box tester. As the static analysis can help in missing some of
the vulnerabilities which results due to system misconfiguration. This particular testing provides
a complete assessment with respect to internal and external vulnerabilities. It stand out to be the
best choice in case of carrying out calculation testing (Abu-Dabaseh and Alshammari 2018). As
a result of close relationship in between white box pen tester and developers, a high level of
system knowledge can be obtained.
the vulnerabilities in the given system, which can be exploited just outside the network. Black-
box penetration testing completely depends on dynamic analysis of the present program within
the target networks. Black-box penetration tester needs to be familiar with the automated
scanning tools and methodologies needed for manual penetration testing. Black box penetration
tester also comes up with the capability of creating their own mind map for the target network.
This is completely based on observation as no kind of diagram is provided to them. As only
limited knowledge is allowed to penetration tester, which makes the black –box penetration test
as quickest to run (Casola et al. 2018). The duration of the assignment completely depends on
the ability of tester for locating and exploiting any kind of vulnerabilities. One of the biggest
drawback of this is that the tester cannot breach the given perimeter.
White Box: It comes up with series of names like clear-box, open-box and logic-driven
testing. It merely falls on the opposite side of the spectrum that is black-box testing where
penetration tester are provided with complete access to different source code. One of the biggest
challenges with white-box testing is the massive amount of data that helps in identifying the
weakness (Robertson 2016). This stand out to be as one of the time-consuming kind of
penetration testing. White-box tester comes up with the ability of doing the static code analysis.
This merely makes much familiar with the source code analyzer, debugger. Much similar kind of
tools are found to be vital for white box tester. As the static analysis can help in missing some of
the vulnerabilities which results due to system misconfiguration. This particular testing provides
a complete assessment with respect to internal and external vulnerabilities. It stand out to be the
best choice in case of carrying out calculation testing (Abu-Dabaseh and Alshammari 2018). As
a result of close relationship in between white box pen tester and developers, a high level of
system knowledge can be obtained.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Penetration Testing Report And Managementlg...
|12
|2862
|10
Computer Science and Security | Task Reportlg...
|43
|3989
|16
Pen Test Methodology Comparisonslg...
|11
|2755
|43
Penetration testing or pen testinglg...
|13
|2748
|20
Top 5 Penetration Testing Methodologies and Standardslg...
|11
|2477
|29
Penetration Testinglg...
|14
|3069
|417