What is Penetration Testing?
It is a method of testing in which the security weak points of a software system are put to the test to determine whether each 'weak point' is indeed one that can be broken into or not.
Performed for: Websites/Servers/Networks
How is it performed?
- Step #1. It starts with a list of vulnerabilities/potential problem areas that would cause a security breach for the systems.
- Step #2. If possible, this list of items has to be ranked in order of priority/criticality.
- Step #3. Devise penetration tests that would work (attack your system) from both within the network and outside (externally) to determine whether you can gain unauthorized access to data/network/server/website.
- Step #4. If unauthorized access is possible, the system has to be corrected and the series of steps needs to be re-run until the problem area is fixed.
Who performs Pen-testing?
- Testers/ Network specialists/ Security Consultants
- Note: pen-testing is not the same as vulnerability testing. The intention of vulnerability testing is just to identify potential problems, whereas the intention of pen-testing is to attack those problems.
- The good news is, you do not have to start the process by yourself – you have a number of tools already in the market. Why tools, you ask?
- Even though you design the test on what to attack and how, you can leverage a lot of tools that are available in the market to hit the problem areas and quickly collect the data that enables effective security analysis of the system.
- Before we look into the details of the tools, what they do, where you can get them, etc., I would like to point out that the tools you use for pen-testing can be classified into two kinds. In simple words they are: scanners and attackers. This is because, by definition, pen-testing is exploiting the weak spots. So there are some software/tools that will show you the weak spots, and some that show and attack. Literally speaking, the 'show-ers' are not pen-testing tools, but they are essential to its success.
Top Penetration Testing Tools:
- Metasploit
- Wireshark
- w3af
- CORE Impact
- Back Track
- Netsparker
- Nessus
- Burpsuite
- Cain & Abel
- Zed Attack Proxy (ZAP)
- Etc.