Penetration testing is testing how well the system is protected against unauthorized external access, willful damage and internal access. Penetration testing usually requires refined testing techniques.Penetration testing is a popular worldwide service used in the field of information security. The essence of such work is authorized by an attempt to avoid the existing set of security information system. During this testing, the auditor plays the role of attacker, motivated in violation of network security customer. As a rule, subjected to intensive testing technical means of protection of corporate networks, depending on the set of conditions can be evaluated, and other aspects of security, for example the level of user awareness (Krutz, Russell, 2003, p. 45).
Steps in Penetration testing
Step 1 - Reconnaissance
It involves the gathering of information about the target system to access the target system. This information can be used to design a series of test cases to verify the specified functionality. However the sources of information available on planning are severely limited. Penetration test, it's not verifying functionality, but rather to ensure the absence of unsafe features. Unfortunately, nobody has identified artefacts of software development for these behaviors (Peltier, 2001, p. 345). The testers must cope.
Step 2 - Scanning
This stage determines where hacker scans the network with specific information gathered from the reconnaissance phase. The first place to collect information on the penetration test is in the interfaces between the software and its external environment. User interfaces, network interfaces, APIs and all other places where the entries are processed are easy attack vectors for hackers. If any of these interfaces is poorly designed or implemented, they may allow entry of malicious entries and cause havoc (Dhillon, 2007, p.89). Identify and describe these interfaces is a good way to start the penetration test. The second area requiring attention are the error messages and dialog boxes warning users that communicate information to external users of the software. Since such users may have malicious intent, it is important to understand what information they are revealed and how they are communicated.After successful completion of this task, they move to the evaluation of network security from malicious insiders are already coordinating their actions with the administrators of the system.
Step 3 - Gaining and Maintaining Access
It is the step where the hacker attempts to gain access to the target systems or network. The exploit could occur over a LAN, the internet, offline or as deception or theft.Finally, penetration testers often define incident scenarios specifying what a successful attack should look like. These cases of misuse (or abuse if you prefer) are often derived from a model or threat of attacks already known. Collecting information from these three sources is a crucial study work for a penetration test and guide through the actual test.
Step 4 -Clearing Tracks
The final stage of involves the is checking whether the ethical hacker erased or covered the mark that has been created in earlier stages of the ...