Penetration testing part1
English | Size: 2.1 GB
Category: HACKING
Penetration testing (also known as pen testing) is the way that companies and organisations simulate attacks like real intruders on their infrastructure, systems and people. Many organisations follow different methodologies to carry out penetration testing
This post is about how companies large and small typically do pen testing, what standards they follow and software used to conduct pen testing. We will also look at what kind of networking resources are required.
Definitions of penetration testing according to multiple international standards
As per Wikipedia:
A penetration test, informally pen test, is an attack on a computer system that looks for security weaknesses, potentially gaining access to the computer’s features and data.
As per Open Web Application Security Project (OWASP):
penetration testing has been a common technique used to test network security for many years. It is also commonly known as black box testing or ethical hacking. Penetration testing is essentially the art of testing a running application remotely, without knowing the inner workings of the application itself, to find security vulnerabilities.
As per Core Security:
a penetration test, or pen test, is an attempt to evaluate the security of IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in the operating system, services, in application flaws, improper configurations, or risky end-user behaviour. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as, end-user adherence to security policies.
As per the popular website penetration testing tools:
penetration testing can be described as a legal and authorised attempt to locate and successfully and efficiently exploit computer systems for the purpose of understanding how to make those systems more secure and protected.
What is the difference between Penetration Testing & Vulnerability Assessment?
You may hear these both terms commonly in the security world it is important to understand the difference between them.
A vulnerability assessment is limited to identifying the vulnerabilities in the system using automated and manual processes and reporting on them without trying to exploit the vulnerability. On the other hand, a penetration test typically continues until you gain the system access (or run out of ways to try) and to achieve the objective of the penetration test e.g. getting access to the domain controller or sensitive information such as credit card data, etc.
A vulnerability assessment is to validate the vulnerabilities existing in the environment by using automated tools and then providing suggestions for mitigation to protect all it uncovers. Whereas a pen test is used to check an organisations security threats in from an attacker’s perspective.
In my opinion this is more helpful as security teams in the organisations may not look at all vulnerabilities as external pen testers. In some cases, pen testers can make use of techniques like social engineering to exploit operational security issues in the organisation too.
An excellent resource to understand the difference is this blog post from Daniel Miessler
DOWNLOAD:
http://rapidgator.net/file/9cc3bed49fcdbd2e829ebe1cb157f096/Penetration_testing_part1.part1.rar.html
http://rapidgator.net/file/ed2fbed99d2eea3deae0ade11b5ae298/Penetration_testing_part1.part2.rar.html
http://rapidgator.net/file/00e0baba19ce3379761e2b150d70ff7b/Penetration_testing_part1.part3.rar.html
http://rapidgator.net/file/90100d59f946f090912b3443f7077401/Penetration_testing_part1.part4.rar.html
http://alfafile.net/file/vRxN/Penetration%20testing%20part1.part1.rar
http://alfafile.net/file/vRxi/Penetration%20testing%20part1.part2.rar
http://alfafile.net/file/vRx3/Penetration%20testing%20part1.part3.rar
http://alfafile.net/file/vRQs/Penetration%20testing%20part1.part4.rar
If any links die or problem unrar, send request to http://goo.gl/aUHSZc
Leave a Reply