How and where to start penetration testing

How and where to start penetration testing

How and where to start penetration testing

  • Posted by: Marketing
  • 20/12/2018

Penetration Testing

Penetration testing helps simulate behavior of a hacker through "White Hat" personnel, who injects malicious load or traffic into the system under test - to expose the vulnerabilities so that these observed vulnerabilities are resolved. This helps us to make the system robust from a security point of view.

In the current scenario where all websites and applications are increasingly exposed to a larger number of people, the risk of these applications getting hacked is even greater. White Hat hacker or penetration testers help prevent applications from such security threat.

Environment and Tools

There are several tools in the market which are useful for penetration testing but just knowing these tools is not enough. A comprehensive understanding of application and environment is required to be a competent penetration tester. The environment includes network, application flow, application architecture, access of application over web, browser interaction, protocols etc. Without in depth knowledge of this, simply using these tools is not going to suffice in security testing.

There are plenty of tools available for penetration testing, these include both open source as well as licensed ones.

Following is selected list of various tools used for penetration testing:

  • Kali Linux
  • Rapid7
  • AppScan
  • Nessus
  • BurpSuit
  • Metaspoilt
  • Nmap

There are several tools which we can use for our specific tests, selection of tools will depend on various criteria such as:

  • Operating System (Windows, Linux, Unix, etc.)
  • Vulnerabilities to be tested (Application, web based etc.)
  • Testing budget (open source tool, licensed tool, mixed approach)
  • Network types to be scanned
  • Devices to be scanned

Permissions to execute penetration testing

It is unlawful to put malicious payload or traffic into any network or system. Hence if this activity is to be conducted for legitimate purposes, for example penetration testing written permission is required from the owner of the system where penetration testing is to be conducted.

Project Management

Penetration testing needs to be treated as a project with well-defined steps / procedures. This will help us prepare for unplanned shocks. Timely planning will also help prevent scope creep and results can be used for later projects.

In a nutshell we can say that penetration testing is a necessity nowadays, even warranted by clients or government agencies. A thorough project management approach with initiation, planning, budgeting, resourcing, execution, and control phases need to be planned to make it a fruitful exercise.

About Author

Espire

Marketing

Espire Infolabs is a global technology services company empowering businesses to drive growth with their customer experience and content services including digital content management, customer communication management, and content collaboration combined with integration, cloud, enterprise solutions, analytics, and robotic process automation.