Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
*****
username
LOGIN
WIRELESS
PENETRATION TESTING
That was too easy.
Got it!
TEST Co.
PHISHING
DUMPSTER
DIVING
FACILITY
AC...
Upcoming SlideShare
Loading in …5
×

0

Share

Download to read offline

Infographic: Penetration Testing - A Look into a Full Pen Test Campaign

Download to read offline

A thorough penetration testing campaign involves social engineering, vulnerability scanning, and the manual hacking of computer systems, networks, and web applications. Follow this infographic to learn more about the various elements of a complete penetration test.

Related Books

Free with a 30 day trial from Scribd

See all
  • Be the first to like this

Infographic: Penetration Testing - A Look into a Full Pen Test Campaign

  1. 1. ***** username LOGIN WIRELESS PENETRATION TESTING That was too easy. Got it! TEST Co. PHISHING DUMPSTER DIVING FACILITY ACCESS PRETEXTING THE PATH OF PENETRATION TESTING VULNERABILITY SCANNING Discovery of weaknesses Pretexting involves the use of telephone calls to either obtain information or convince the user to unintentionally perform a malicious action. This is one of the most commonly used forms of social engineering. If not properly discarded, sensitive information may be discovered by hackers in waste receptacles and dumpsters. • Printed emails, expense reports, credit card receipts, travel information, etc. • Network or application diagrams, device inventory with IP addressing, etc. • Contact lists, notebooks, binders, or other work papers containing sensitive information Hackers may rely on a physical approach to complement their technical attacks. • Piggy backing: A hacker’s method of entering a facility with a group of employees or maintenance workers • Identifying unsecure areas: Hackers search for loading docks, maintenance entrances, designated smoking areas, or other locations that may not be well secured. Phishing is the process of crafting emails that appear to be from a trusted source and typically invite the recipient to either supply confidential information or click on a malicious link or attachment. PEAR.XMLRPC.XML.File.Code.Injection MS.IIS.ISAPI.Extension.Buffer.Overflow Ajax.File.Browser.approot.Parameter.File.Inclusion HTTP.Negative.Data.Length PHP.PHPInfo.Cross.Site.Scripting MS.Windows.CMD.Reverse.Shell HTTP.URI.SQL.Injection Vulnerability scanning is an automated process that utilizes tools to seek known security vulnerabilities in your systems. Scans are used to assess your company’s network security health and provide insight into risks that may directly impact your organization. NETWORK SECURITY HEALTH Penetration testing is a proactive approach to discovering exploitable vulnerabilities in computer systems, networks, and web applications. Manual penetration testing goes beyond automated scanning and into complex security exploitation. Gaining a thorough understanding of vulnerabilities and risks enables the remediation of issues before an attacker is able to interrupt business operations. Web applications often process and/or store sensitive information including credit cards, personal identifiable information (PII), and proprietary data. Applications are an integral business function for many organization, but with that functionality comes risk. Penetration testing provides visibility into the risks associated with application vulnerabilities. Infrastructure penetration testing identifies security weaknesses within your network, as well as the network itself. Testers search to identify flaws such as out of date software, missing patches, improper security configurations, weak communication algorithms, command injection, etc. Infrastructure penetration tests often include the testing of firewalls, switches, virtual and physical servers, and workstations. PROACTIVE SECURITY PENETRATION TESTING Manual exploitation MarketingDept. Finance & Accounting Dept. WEB APPLICATIONS NETWORK & INFRASTRUCTURE TEST Co. VPN HACK #1 Wireless capabilities can provide opportunities for attackers to infiltrate an organization’s secured environment - regardless of certain access and physical security controls. Wireless pen testing provides a map of access points in the wireless landscape. After gaining access to the wireless network, penetration testers attempt to exploit weaknesses in the network to gain access to privileged areas and demonstrate the potential impact of a wireless network breach. A thorough penetration testing campaign involves social engineering, vulnerability scanning, and the manual hacking of computer systems, networks, and web applications. Follow this infographic to learn more about the various elements of a complete penetration test. For more penetration testing information or to request a quote, visit https://integritysrc.com/penetration-testing-services or call 515-965-3756 ext.3. SOCIAL ENGINEERING The hacking of humans REPORTS Executive and technical Penetration testers perform assessments, interpret the results, and provide reports for the tested organization. Reports should function as a guide; providing valuable information that prompts action.

A thorough penetration testing campaign involves social engineering, vulnerability scanning, and the manual hacking of computer systems, networks, and web applications. Follow this infographic to learn more about the various elements of a complete penetration test.

Views

Total views

902

On Slideshare

0

From embeds

0

Number of embeds

12

Actions

Downloads

15

Shares

0

Comments

0

Likes

0

×