PENETRATION TESTING.pptx - PENETRATION TESTING Outline •...

This preview shows page 1 - 10 out of 34 pages.

PENETRATION TESTING

Outline
  • Definition of penetration testing
  • Different phases of a penetration attack, such as planning, discovery, the attack itself and the reporting
  • Different tools used when conducting a penetration test

Definition
The National Institute for Security and Technology definition:
  • Security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, a system, or a network.
  • It often involves launching real attacks on real systems and data with tools and techniques commonly used by hackers.

Importance of Pen Testing
  • To identify vulnerabilities and ensure the cyber controls in place are working
  • Security training for network staff
  • Testing new technology implementation

Operating Systems for Pen Tests
Desktop
  • Windows OS
  • Unix, Linux
  • MacOS
  • Chrome OS and Ubuntu, but not nearly as frequently as the top three
Phones
  • Android
  • iOS
  • BlackBerry OS
  • Windows Mobile

Approaches in Penetration Testing
Internal employee versus an external hacker
  • Eighty percent of attacks happen internally to companies, so it becomes important to test the system as if you were an employee or an ex-employee.
  • Already having access to some of these tools can get you a lot further than if you were external, in which case you would just use the most common or appropriate tools that an external hacker would use.

Approaches in Penetration Testing
Web or mobile applications
  • These assessments often include making sure that the code is secure and up-to-date with the security policy.
  • There are a lot of authentication and password-cracking attempts to test for vulnerabilities there.

Approaches in Penetration Testing
Social Engineering
  • Social engineering is creating almost a feeling or a mentality of anxiety within somebody to gain access to information that you normally wouldn't have.
  • Historically, social engineering can be phishing attacks with emails, but they can also be phone calls, and they can be in-person.
  • Often they're done through providing threats, ultimatums, and misinformation, creating a sense of urgency, escalating, and all around creating a situation in which you're getting somebody to divulge information or to gain access to something you wouldn't normally have access to.

Approaches in Penetration Testing
Wireless Networks
  • Most companies will have an internal wireless network for all of their employees to use, so it becomes very important that we test it and make sure that it complies with the security policy.
  • Since every employee is connecting to that internal network, often they'll try to use their own devices, whether phones or computers.
  • Those all become areas of vulnerability for us to test.
  • Even beyond people, things are now always connected to the Internet: webcams, thermostats, and even coffee makers connect to the network now.

Term: Spring
Professor: steve
Tags: Computer Security, penetration testing, Penetration test