Penetration Testing
Information Security Management
Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.
The main objective of Penetration Testing is to determine security weaknesses. A pen test can also be used to test an organization's security policy compliance, its employees' security awareness and the organization's ability to identify and respond to security incidents.
A penetration test, also known as a pen test, is a simulated cyberattack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF).
Methods
- Targeted testing
- External testing
- Internal testing
- Blind testing
- Double blind testing
Stages
- Planning and reconnaissance
- Scanning
- Gaining access
- Maintaining access
- Analysis
