Penetration Testing also known as pen testing is the practice of testing a computer system, network or web application to find security vulnerabilities in the corresponding system. Penetration testing is a fake cyber attack on a computer system that is performed in order to check the security of the system. The test is performed to identify vulnerabilities that includes the potential for unauthorized parties to gain access to the system and strengths enabling a full risk assessment to be completed.
Penetration Testing is a type of security testing that is performed to test the insecure areas of the system or application. The goal of this testing is to find all the security vulnerabilities that are present in the system being tested.
Vulnerability is the risk that an attacker could exploit and gain authorized access to the system or application.
Penetration Testing Process:
Penetration testing process includes five phases:
This phase is also known as planning phase. In this phase important information about the target system is gathered.
In this phase different scanning tools are used to determine the response of the system towards an attack. Vulnerabilities of the system are also checked.
- Gaining Access:
In this phase using the data gathered in the planning and scanning phases, a payload is used to exploit the targeted system.
- Maintaining Access:
This phase requires taking the steps involved in being able to be continuously within the target environment in order to collect as much data as possible.
This phase is about analyzing the whole above phases in order to know the success of test.
Types of Penetration Testing:
- Black Box Penetration Testing
- White Box Penetration Testing
- Grey Box Penetration Testing
Penetration testing can be performed in two ways:
It is carried out by expert professionals using Excel and other tools.
It is performed by less experienced professionals using automated test tools.
Penetration Testing Tools:
1. NMap 2. Nessus
- Penetration Testing Execution Standard (PTES)
- Software Engineering | Differences between Sanity Testing and Smoke Testing
- Software Engineering | Comparison between Regression Testing and Re-Testing
- Difference between Software Testing and Embedded Testing
- Software Testing | Static Testing
- Software Testing | Portability Testing
- Acceptance Testing | Software Testing
- Software Testing | Dynamic Testing
- Sandwich Testing | Software Testing
- Software Testing | Security Testing
- Beta Testing | Software Testing
- Gray Box Testing | Software Testing
- Smoke Testing | Software Testing
- Software Testing | Load Testing
- Software Testing | Fuzz Testing
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.