Summary

In this chapter, we discussed a detailed penetration testing methodology and how it is viewed from the development lifecycle and the risk management process. We also described the basic terminology of penetration testing, its associated types, and the industry's contradictory use of other similar terms. These key points are summarized below:

  • There are two types of penetration testing, namely black-box and white-box. The black-box approach is also known as "external testing", where the auditor has no prior knowledge of the target system. The white-box approach refers to "internal testing", where the auditor is fully aware of the target environment. The combination of both types is known as gray-box.
  • The basic difference between vulnerability assessment and penetration testing is that a vulnerability assessment identifies the flaws that exist on the system without measuring their impact, while penetration testing goes a step further and exploits these vulnerabilities in order to evaluate their consequences.
  • There are a number of security testing methodologies, but very few provide stepwise and consistent instructions on measuring the security of a system or application. We have discussed four such well-known open source security assessment methodologies, highlighting their technical capabilities, key features, and benefits. These include the Open Source Security Testing Methodology Manual (OSSTMM), Information Systems Security Assessment Framework (ISSAF), Open Web Application Security Project (OWASP), and Web Application Security Consortium Threat Classification (WASC-TC).
  • We have also presented a structured BackTrack testing methodology with a defined process for penetration testing. This process involves a number of steps which have been organized according to the industry approach towards security testing. These include Target Scoping, Information Gathering, Target Discovery, Enumerating Target, Vulnerability Mapping, Social Engineering, Target Exploitation, Privilege Escalation, Maintaining Access, and Documentation and Reporting.
  • Finally, we discussed the ethical view of penetration testing, which should be justified and followed throughout the assessment process. Applying ethics at every single step of the assessment engagement leads to a successful settlement between the auditor and the business entity.

The next chapter will guide you through the strategic engagement of acquiring and managing information taken from the client for the penetration testing assignment.