SOP for Pen Testing - Reflection

   

Added on  2022-08-12

Running head: SOP FOR PEN TESTING
SOP for Pen Testing
Name of the Student
Name of the University
Author Note
Table of Contents
1. Introduction
2. Types of penetration testing methodologies
3. Critical Reflection
4. Statutory considerations of a penetration tester
5. Ethical considerations of a penetration tester
6. Development of Standard Operation Procedure
7. Decision Making Tree (DMT)
8. Conclusion
9. Reference
1. Introduction
Pen testing (PT) is a type of ethical hacking procedure that IT experts
increasingly deploy to organise and detect diverse categories of security
threats (Najera-Gutierrez and Ansari 2018). The monitoring needs of a private
network can be identified with the help of penetration testing. The procedure
is useful for reducing network downtime, and it can also minimise different
categories of network security breaches. IT experts increasingly deploy
several categories of PT techniques, such as the following:
Black Box PT: A type of testing conducted by ethical hackers who have no
knowledge of the system being attacked. In this form of penetration testing,
the current state of the system is assessed by dynamic analysis of the
programs that are currently running.
Network PT: A type of ethical hacking procedure that is required to identify
the security vulnerabilities of a network (Wolf 2019). Pen testers can
conduct this type of testing manually or with the help of diverse categories
of software.
Application PT: The effectiveness of a security protocol can be identified in
the first place with the help of application penetration testing. The
probable risks to a network can be highlighted using this PT.
Wireless PT: A type of third-party audit procedure that examines the security
of all the wireless devices that exist in an organizational network (Shah et
al. 2019). All the licensed links used in the organizational setting are
verified with the help of this penetration testing. The role of a wireless
engineer is significant in conducting wireless PT.
Client side PT: Diverse categories of security vulnerabilities exist in
client software, and they have a direct adverse impact on the data that comes
into and moves out of a network. The essential critical assets of a network
are assessed with the help of this PT.
This portfolio focuses on the different categories of PT methodologies, the
statutory and ethical considerations of penetration testers, the development
of a Standard Operation Procedure (SOP), and the significance of a decision
making tree.
2. Types of penetration testing methodologies
There are diverse categories of PT methodologies practised by pen testers,
such as the following:
Data collection: Web page source code analysis is one of the prime ways to
collect data about a target system (Satria et al. 2018). Information about
the use of a database, the names of tables, the versions of software and
hardware in use, and the role of third-party vendors can be understood from
the data collected through web page source code analysis.
Vulnerability assessment: Security vulnerabilities have to be detected from
the data collected through web page source code analysis (Seng, Ithnin and
Shaid 2018). The entry points can be understood from the vulnerability
assessment procedure.
Actual exploitation: Experienced penetration testers need strong IT skills to
exploit the security vulnerabilities of a network.
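
The data collection step above names four things that page source can reveal: database use, table names, software versions and third-party vendors. The following added example (not part of the original essay) shows how a site owner could check their own pages for those details before publishing; the sample HTML, the product name ExampleCMS and the host names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not taken from the essay).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="ExampleCMS 4.2.1">
<script src="/static/js/jquery-3.3.1.min.js"></script>
<script src="https://cdn.vendor.example/widget.js"></script>
</head><body>
<!-- TODO: SELECT * FROM customer_orders is slow on MySQL -->
</body></html>"""

VERSION_RE = re.compile(r"\d+\.\d+(?:\.\d+)*")
SQL_TABLE_RE = re.compile(r"\b(?:FROM|INTO|UPDATE|JOIN)\s+([A-Za-z_][A-Za-z0-9_]*)", re.I)
DB_RE = re.compile(r"\b(mysql|postgres(?:ql)?|oracle|mssql|mongodb|sqlite)\b", re.I)

class LeakAuditor(HTMLParser):
    """Collects page-source details matching the categories the essay lists."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host  # assumption: the site's own host name
        self.findings = []        # list of (category, detail) tuples

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # CMS and framework banners are commonly exposed in a generator tag.
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.findings.append(("software-version", a.get("content") or ""))
        if tag in ("script", "link", "img", "iframe"):
            url = a.get("src") or a.get("href") or ""
            host = urlparse(url).hostname
            if host and host != self.own_host:
                self.findings.append(("third-party", host))
            filename = url.rsplit("/", 1)[-1]
            if VERSION_RE.search(filename):  # e.g. library-1.2.3.min.js
                self.findings.append(("software-version", filename))

    def handle_comment(self, data):
        # Developer comments are where database and table names tend to leak.
        for name in DB_RE.findall(data):
            self.findings.append(("database", name))
        for table in SQL_TABLE_RE.findall(data):
            self.findings.append(("table-name", table))

def audit(html, own_host):
    """Return the list of (category, detail) findings for one HTML document."""
    parser = LeakAuditor(own_host)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Each finding is a candidate for removal from production output: strip developer comments at build time, drop the generator tag, and review which third-party hosts the page really needs.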