Thursday, September 12, 2013

Penetration Testing

Penetration testing means gaining access to a user account without authorization, that is, illegally accessing the account without knowledge of the user name and password or the other normal means of access. In penetration testing we focus on computer resources, providing security for confidential data and documents and protecting information from outside threats.

The penetration tester will have permission from the owner of the computing resources that are being tested and will be responsible for providing a report. The main purpose of a penetration test is to provide security for computer resources. In many other cases a penetration tester will be given user-level access, and in those cases the goal is to elevate the status of the account or user, or by other means to gain access to additional information that a user of that level should not have access to. Penetration testers are contracted to find one hole, but in many cases they are expected to keep looking past the first hole so that additional vulnerabilities can be identified and fixed. It is important for the penetration tester to keep detailed notes of how the tests were done, so that the results can be verified and any issues that were uncovered can be resolved.

Users are sometimes confused about the difference between penetration testing and vulnerability assessment. The two terms are close to each other, but penetration testing goes much further in gaining access, while vulnerability testing places its emphasis on identifying areas that are vulnerable to a computer attack. A vulnerability scanner will often identify possible vulnerabilities based on server banners. A penetration tester will go as far as they can within the scope of the contract, whereas a vulnerability assessor will stop just before compromising a system. A penetration test is like any other test in the sense that it is a sampling of all possible systems and configurations. A contractor hired to test only a single system will be unable to identify and penetrate all possible systems using all possible vulnerabilities.

Penetration testers and vulnerability scanners both identify vulnerabilities. The steps are similar for both the security tester and the unauthorized attacker. A penetration tester proceeds slowly so that the target company can learn where its detection threshold is and make improvements; an attacker may also choose to proceed more slowly to avoid detection.
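To make the idea of a detection threshold concrete from the defender's side, here is an added example (not part of the original post) that runs a simple windowed port-scan detector over connection events. The log format, addresses, window sizes and port threshold are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample events: (seconds since start, source IP, destination port).
# 192.0.2.10 touches 12 ports in 12 s; 192.0.2.20 touches 12 ports, one every 90 s;
# 192.0.2.30 is ordinary traffic to a single port.
FAST = [(i, "192.0.2.10", 20 + i) for i in range(12)]
SLOW = [(i * 90, "192.0.2.20", 20 + i) for i in range(12)]
NORMAL = [(i * 30, "192.0.2.30", 443) for i in range(40)]
EVENTS = sorted(FAST + SLOW + NORMAL)

def flag_scanners(events, window_s, min_ports):
    """Return sources that touched >= min_ports distinct ports within window_s seconds."""
    recent = defaultdict(deque)  # source -> (time, port) pairs still inside the window
    flagged = set()
    for ts, src, port in events:
        q = recent[src]
        q.append((ts, port))
        while q and ts - q[0][0] > window_s:  # drop events older than the window
            q.popleft()
        if len({p for _, p in q}) >= min_ports:
            flagged.add(src)
    return flagged

def detection_floor(events, src, min_ports, windows):
    """Smallest window in `windows` that flags src, or None if none does."""
    for w in sorted(windows):
        if src in flag_scanners(events, w, min_ports):
            return w
    return None

if __name__ == "__main__":
    for w in (60, 300, 900):
        print(w, sorted(flag_scanners(EVENTS, w, 10)))
    print("slow source first flagged at window:",
          detection_floor(EVENTS, "192.0.2.20", 10, [60, 300, 600, 900, 1800]))
```

A test report that records the pace at which activity was first noticed gives the target this same number for its real monitoring, which is the improvement the paragraph above refers to.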

The ISO 27001 UK standard gives information security management recommendations for those who are responsible for initiating, implementing or maintaining security.
