Penetration Testing Report And Management

   

Added on  2022-08-20

Running head: PENETRATION TESTING
PENETRATION TESTING
Name of the Student
Name of the University
Author Note:
Table of Contents
Introduction
PenTest Methodologies Comparison
Statutory and Legal Consideration of Penetration Tester
SOP for task 2
Decision making tree
Conclusion
References
Introduction
A penetration test, also known as a pen test, is a simulated cyber-attack against a
computer system that exploits its vulnerabilities. In the context of web application security,
penetration testing is mainly used to augment a web application firewall (WAF). Pen testing
involves attempting to breach any number of application systems in order to uncover
vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks
(Dawson and McDonald 2016). Insight from a penetration test can be used to fine-tune WAF
security policies and to patch detected vulnerabilities. Some of the well-known penetration
testing methods are external testing, internal testing, blind testing, double-blind testing and
target testing. Penetration testing tools are part of a penetration test (Pen Test) and are
required for automating different tasks (Shaukat et al. 2016). They can enhance testing
efficiency and help analyze various kinds of problems. Two of the common tools for penetration
testing are static analysis tools and dynamic analysis tools.
In the following pages of this report, various PenTest methodologies are compared. The
next part deals with the statutory and legal considerations that a penetration tester should
take into account. In addition, the report highlights the SOP for task 2 and a decision
making tree.
PenTest Methodologies Comparison
As a result of the increase in cyber-attacks, organizations have focused on carrying out
security testing of both software applications and related products. Penetration testing is a
widely used technique for identifying vulnerabilities in some areas of a system (Baloch 2017).
It involves wilful attacks on the system to analyze some of its weak areas. These may provide
a passage for an unauthorized user to attack the system and alter both its integrity and
veracity. Penetration testing can be categorized according to the testing approach used.
White Box Penetration Testing: Here the tester has complete access to, and in-depth
knowledge of, the system that is to be tested. This is very useful for carrying out
penetration testing (Dürrwang et al. 2018). White box penetration testing lets an individual
test the system with admin or root-level access. It includes complete access to architecture,
specification and source code. White box penetration testing is a bit time-consuming as a
result of this approach (Stefinko and Piskuzub 2017). White box testing aims to provide
information about any exploitable flaws. There are many benefits of the white-box security
testing procedure.
Black Box Penetration Testing: In this type of penetration testing, a very high level of
information is made available to the tester. The tester has a complete idea of both the
system and the network. This approach can miss some vital areas at the time of testing
(van den Hout 2019). This testing does not require any earlier information about the target
network or application. It is carried out by making use of real-world scenarios. In most
cases, the testing team can have easy access to some of the application source code or other
important elements of the network (Klíma 2016). This testing method enables the security
expert to look at various levels of security.
Gray Box Penetration Testing: Gray box penetration testing makes use of the limited
information available to the tester to conduct an attack on the system externally. Gray
box testing can be stated as a combination of white-box testing and black-box testing. This can