Penetration Testing also known as pen testing is the practice of testing a computer system, network or web application to find security vulnerabilities in the corresponding system. Penetration testing is a fake cyber attack on a computer system that is performed in order to check the security of the system. The test is performed to identify vulnerabilities that includes the potential for unauthorized parties to gain access to the system and strengths enabling a full risk assessment to be completed.
Penetration Testing is a type of security testing that is performed to test the insecure areas of the system or application. The goal of this testing is to find all the security vulnerabilities that are present in the system being tested.
Vulnerability is the risk that an attacker could exploit and gain authorized access to the system or application.
Penetration Testing Process:
Penetration testing process includes five phases:
This phase is also known as planning phase. In this phase important information about the target system is gathered.
In this phase different scanning tools are used to determine the response of the system towards an attack. Vulnerabilities of the system are also checked.
- Gaining Access:
In this phase using the data gathered in the planning and scanning phases, a payload is used to exploit the targeted system.
- Maintaining Access:
This phase requires taking the steps involved in being able to be continuously within the target environment in order to collect as much data as possible.
This phase is about analyzing the whole above phases in order to know the success of test.
Types of Penetration Testing:
- Black Box Penetration Testing
- White Box Penetration Testing
- Grey Box Penetration Testing
Penetration testing can be performed in two ways:
It is carried out by expert professionals using Excel and other tools.
It is performed by less experienced professionals using automated test tools.
Penetration Testing Tools:
1. NMap 2. Nessus
- Software Engineering | Differences between Sanity Testing and Smoke Testing
- Software Engineering | Comparison between Regression Testing and Re-Testing
- Software Testing | Globalization Testing
- Software Testing | Endurance Testing
- Acceptance Testing | Software Testing
- Software Testing | Spike Testing
- Software Testing | Configuration Testing
- Unit Testing | Software Testing
- Gray Box Testing | Software Testing
- Beta Testing | Software Testing
- Sanity Testing | Software Testing
- Stress Testing | Software Testing
- Software Testing | Scalability Testing
- Software Testing | Reliability Testing
- Software Testing | Security Testing