Nowadays, thousands of people are trying to hack your business organization just for name and fame. So a strict security system is very important for every well-known organization. The main reason security systems are broken so frequently is the easy availability of 0-days, hacking tools, and even one-click hack tools.
Penetration testing is an approach that uses the same methods, techniques, and tools that hackers usually use against the systems of well-known organizations. This process is also known as ethical hacking. The main idea of penetration testing is to evaluate the security system in the same way that a hacker would. (Wiki, 2010)
We will describe penetration testing in four parts:
1. The need for penetration testing
2. The third party that will evaluate the security system
3. Conducting the penetration test
4. Summary
1. The need for penetration testing:
Pen testing is very important for protecting your business organization from being compromised by threats. The threats can come from your IT network and also from your own network, so safeguarding your organization is very important. Penetration testing gives you assurance on this matter. Some of the kinds of work done by penetration testing are:
a. Provide proper delegacy
b. Protect your financial losses
c. Process your legal requirements
d. Protect your critical assets.
2. The third party that will evaluate the security system:
The main theme of a penetration test is to evaluate your security system just as hackers do. It cannot be done by you or from within your own organization, so a third party is needed for this job. It may be done by your employee, but the agreements should be completed before starting. This is very important because the third party will know how to evaluate your entire security system as well as how to hack it. The testers are also called ethical hackers or pen testers.
3. Conducting the penetration test:
There are different ways to conduct penetration testing. Each of them requires sufficient documentation and detail. One of them is NIST-800-42. The phases of penetration testing are described below:
Planning:
This is the first stage. In it, the documents are signed and the rules, terms and conditions are established. The goal, the timeframe, and the limits and boundaries of the team are determined in this stage.
Discovery:
This is also a very important phase for fulfilling the goal of the penetration test. It is divided into two sub-phases:
Passive:
In this phase, secret data and information are gathered in a very sophisticated manner. Information gathering may also include browsing the organization's website.
Active:
This phase includes network scanning and host scanning. As individual networks are enumerated, they should be scanned. They are further probed to discover all hosts, determine their open ports, and attempt to locate the Is. Nmap is one of the best scanning programs.
Attack:
In this step, the testers try to gain access to the system, raise their privileges, browse through the whole system, and finally express their influence.
Reporting:
It is the final and most important phase of penetration testing. All findings are compiled into a final report. It also includes corrective actions such as applying necessary patches and service packs and closing unneeded ports.
During the penetration test, the organization's security teams should work side by side with the testers in case of emergency. The testing team should also always be careful of the limits of its freedom. It should not cross those limits or perform any kind of test that is not mentioned in the agreement.
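The limits fixed in the Planning phase can be encoded so that every proposed test action is checked against the agreement before it runs. The following is an added example, not part of the original article; the `ROE` structure, the `check_action` function, and all addresses, test names and times are constructed for illustration.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed rules of engagement (hypothetical values; the addresses are
# from the reserved documentation ranges, not real targets).
ROE = {
    "in_scope": ["192.0.2.0/24", "198.51.100.0/25"],
    "excluded": ["192.0.2.10"],  # e.g. a fragile production host
    "allowed_tests": {"host_scan", "port_scan", "web_app"},
    "window": ("2010-05-20T18:00:00+00:00", "2010-05-21T06:00:00+00:00"),
}


def check_action(roe, target, test_type, when):
    """Return (allowed, reason) for one proposed test action."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False, "target is not a valid IP address"
    # The target must fall inside one of the agreed networks.
    networks = [ipaddress.ip_network(n) for n in roe["in_scope"]]
    if not any(addr in net for net in networks):
        return False, "target outside agreed networks"
    # Hosts carved out of the scope are refused even inside those networks.
    if addr in {ipaddress.ip_address(h) for h in roe["excluded"]}:
        return False, "target explicitly excluded"
    # Only test types named in the agreement may be performed.
    if test_type not in roe["allowed_tests"]:
        return False, "test type not in agreement"
    # Naive timestamps are rejected so the window comparison is unambiguous.
    if when.tzinfo is None:
        return False, "timestamp must be timezone-aware"
    start, end = (datetime.fromisoformat(t) for t in roe["window"])
    if not (start <= when < end):
        return False, "outside agreed time window"
    return True, "within rules of engagement"


if __name__ == "__main__":
    now = datetime(2010, 5, 20, 20, 0, tzinfo=timezone.utc)
    for tgt, kind in [("192.0.2.25", "port_scan"), ("192.0.2.10", "port_scan"),
                      ("203.0.113.5", "host_scan"), ("192.0.2.25", "dos")]:
        print(tgt, kind, check_action(ROE, tgt, kind, now))
```

Logging each refused action with its reason gives the organization's security team a record to review alongside the final report.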
Reference:
Wiki. (2010). Penetration test. Available: http://en.wikipedia.org/wiki/Penetration_test. Last accessed 20 May 2010.