- BackTrack 4: Assuring Security by Penetration Testing
- Shakeel Ali Tedi Heriyanto
- 370字
- 2021-04-09 21:20:58
Chapter 2. Penetration Testing Methodology
Penetration Testing, sometimes abbreviated as PenTest, is a process that is followed to conduct a hardcore security assessment or audit. A methodology defines a set of rules, practices, procedures, and methods that are pursued and implemented during the course of any information security audit program. Thus, penetration testing methodology defines a roadmap with practical ideas and proven practices which should be handled with great care in order to assess the system security correctly. This chapter summarizes each step of penetration testing methodology with its reasonable description which may help you to understand and focus the testing criteria with the BackTrack operating system environment. The key topics covered in this chapter include:
- Discussion on two well-known types of penetration testing, Black-Box and White-Box
- Exhibiting clear differences between vulnerability assessment and penetration testing
- Explaining the industry acceptable security testing methodologies with their core functions, features, and benefits
- The BackTrack testing methodology incorporating the ten consecutive steps of penetration testing process
- The ethical dimension of how the security testing projects should be handled
Penetration testing can be carried out independently or as a part of an IT security risk management process that may be incorporated into a regular development lifecycle (for example, Microsoft SDLC). It is vital to notice that the security of a product not only depends on the factors relating to the IT environment, but also relies on product specific security's best practices. This involves implementation of appropriate security requirements, performing risk analysis, threat modeling, code reviews, and operational security measurement. PenTesting is considered to be the last and most aggressive form of security assessment handled by qualified professionals with or without prior knowledge of a system under examination. It can be used to assess all the IT infrastructure components including applications, network devices, operating systems, communication medium, physical security, and human psychology. The output of penetration testing usually contains a report which is divided into several sections addressing the weaknesses found in the current state of a system following their countermeasures and recommendations. Thus, the use of a methodological process provides extensive benefits to the pentester to understand and critically analyze the integrity of current defenses during each stage of the testing process.
- 玩轉(zhuǎn)微信
- 3ds Max 2016中文版完全自學(xué)手冊
- Flash CC中文版動畫設(shè)計(jì)與制作/微課堂學(xué)電腦
- Microsoft BizTalk Server 2010 Patterns
- Midjourney從入門到實(shí)戰(zhàn)應(yīng)用
- 3ds Max & Unreal Engine 4:VR三維建模技術(shù)實(shí)例教程(附VR模型)
- PPT 2016幻燈片設(shè)計(jì)與制作從入門到精通
- ASP.NET MVC 2 Cookbook
- NHibernate 2 Beginner's Guide
- Photoshop CS6完美創(chuàng)意設(shè)計(jì):不一樣的圖像藝術(shù)處理
- Word-Excel-PowerPoint 2010三合一辦公應(yīng)用實(shí)戰(zhàn)從入門到精通(超值版)
- 零基礎(chǔ)攝影后期修圖 Photoshop照片處理輕松入門
- 機(jī)械CAD軟件應(yīng)用入門指導(dǎo)書
- Excel數(shù)據(jù)處理與分析:數(shù)據(jù)思維+分析方法+場景應(yīng)用
- Adobe創(chuàng)意大學(xué)Premiere Pro CS5 影視剪輯師標(biāo)準(zhǔn)實(shí)訓(xùn)教材