- BackTrack 4: Assuring Security by Penetration Testing
- Shakeel Ali, Tedi Heriyanto
- 2021-04-09 21:21:00
Summary
In this chapter, we discussed a detailed penetration testing methodology and how it is viewed from the development lifecycle and the risk management process. We also described the basic terminology of penetration testing, its associated types, and the industry's conflicting use of other similar terms. These key points are summarized below:
- There are two types of penetration testing, namely black-box and white-box. The black-box approach is also known as "external testing", where the auditor has no prior knowledge of the target system. The white-box approach refers to "internal testing", where the auditor is fully aware of the target environment. The combination of both types is known as gray-box.
- The basic difference between vulnerability assessment and penetration testing is that a vulnerability assessment identifies the flaws that exist on the system without measuring their impact, while a penetration test takes a step forward and exploits these vulnerabilities in order to evaluate their consequences.
- There are a number of security testing methodologies, but very few provide stepwise and consistent instructions on measuring the security of a system or application. We have discussed four such well-known open source security assessment methodologies, highlighting their technical capabilities, key features, and benefits. These include the Open Source Security Testing Methodology Manual (OSSTMM), the Information Systems Security Assessment Framework (ISSAF), the Open Web Application Security Project (OWASP), and the Web Application Security Consortium Threat Classification (WASC-TC).
- We have also presented a structured BackTrack testing methodology with a defined process for penetration testing. This process involves a number of steps which have been organized according to the industry approach towards security testing. These include Target Scoping, Information Gathering, Target Discovery, Enumerating Target, Vulnerability Mapping, Social Engineering, Target Exploitation, Privilege Escalation, Maintaining Access, and Documentation and Reporting.
- Finally, we have discussed the ethical view of penetration testing, which should be justified and followed throughout the assessment process. Applying ethics at every single step of the assessment engagement leads to a successful settlement between the auditor and the business entity.
The next chapter will guide you through the strategic engagement of acquiring and managing information taken from the client for the penetration testing assignment.