SlideShare a Scribd company logo

Hybrid model for penetration testing

Happiest Minds Technologies
Happiest Minds Technologies

Happiest People Happiest Customers A Hybrid Model for Penetration Testing: Leveraging the Benefits of both Automated and Manual Testing

Technology
1 of 8
Download to read offline
Happiest People Happiest Customers A Hybrid Model for Penetration Testing: Leveraging the Benefits of both Automated and Manual Testing
Contents © Happiest Minds Technologies Pvt. Ltd. All Rights Reserved2 Introduction.......................................................................................................................................,...3 Automated Testing or Manual Intervetion?...........................................................................................6 Comparing the Two...............................................................................................................................4 Manual and Automated Testing at a Glance.........................................................................................5 Conclusion: Not Automated OR Manual, but Automated AND Manual.................................................5 About the Author....................................................................................................................................8
Introduction Everyone remembers Sony Pictures Entertainment’s nightmare in late 2014. Attackers hacked terabytes of data after deleting the original copies from Sony computers. Recent estimates indicate that the incident has already cost Sony USD 15 million, and still counting. With the burgeoning usage of networking technologies, data breaches have become common today. A recent study conducted by the Ponemon Institute reported that the average cost of data breach to a company was USD 3.5 million in 2014, 15% more than the previous year. The high cost of data loss, business outage, and disruption in business processes, as well as the escalating costs of recovery from security breaches make it vital for organizations to have strong security measures in place. One such widely implemented and effective precautionary measure is Penetration Testing (or pen testing as it is popu- larly called). The objective of a pen test is to determine if an application/network/infrastructure can withstand an intrusion attempt—it involves simulating an attack on your system, with the pen tester seeking to deliberately exploit exposed vulnerabilities. The pen test, thus, provides specific information on the flaws in an application or system, pointing to the data that could be compromised and the resulting business impact. This exercise enables you to explore multiple attack vectors on the same target. Pen testing works on the premise that hackers have a deeper knowledge of network vulner- abilities than the organization that runs the networks. And the pen tester seeks to replicate these ‘attacks’ and exploit your vulnerabilities. Pen tests are conducted with knowledge of the organization, and a variety of tools and techniques are used to bypass security controls, pinpoint technical flaws in coding, and identify business logic vulnerabilities. The concluding step is the reporting and remediation of issues discovered during the test. © Happiest Minds Technologies Pvt. Ltd. All Rights Reserved3
When it comes to penetration testing, there are any number of automated tools available in the marketplace—both the high-priced sophisticated lot, and their inexpensive counterparts that are just about adequate. However, the ideal pen test is more than just a series of automated tests ticked off on a checklist. The effective pen test goes beyond the technical to test business logic vulnerabilities as well. It studies the vulnerability of your entire system and not just isolated, discrete functionalities. In short, the ideal pen test is one that uses automated tools, but is led by human intelligence and insight. Automated tools for penetration testing are efficient and consistent, but complementing them with manual testing ensures complete coverage. Combining the two offers comprehensive coverage, both breadth (automated) and depth (manual) Automated tools can identify simple and well-known forms of the common technical vulnerabilities. The more complex vulnerabilities, those related to appli- cation logic or security functionality design require manual intervention. Identifying and analyzing business logic vulnerabilities, for instance, require a skilled manual tester who can understand the logical flow. Consider this example—an application might direct the user from point A to point B to point C, where point B is a security valida- tion check. A manual review of the application, however, might show that it is possible to go directly from point A to point C, bypassing the security validation entirely. Automated Testing or Manual Intervention? Comparing the Two © Happiest Minds Technologies Pvt. Ltd. All Rights Reserved4 Combining automated and manual testing increases staff productivity. For example, if you assume a single security professional makes $100,000 per year and is spending 25% of his time on creating exploits and running manual pen tests, this represents an annual cost of $25,000. This cost can be reduced by automating the test and then supporting it with human intervention where required. In addition, a tool typically tends to focus on a particular area of vulnerability or individual flaw, necessitating multiple pen testing tools. With manual testing, you can not only examine specific flaw categories, but also identify specific application vulnerabilities within the scoped domains. Further, automated testing tools cover certain vulnerability types and not all. According to the MITRE Corporation , automated tools cover only 45% of the known vulnerability types. Hence, the remaining 55% requires manual intervention In addition, a tool typically tends to focus on a particular area of vulnerability or individual flaw, necessitating multiple pen testing tools. With manual testing, you can not only examine specific flaw categories, but also identify specific application vulnerabilities within the scoped domains. Further, automated testing tools cover certain vulnerability types and not all. According to the MITRE Corporation , automated tools cover only 45% of the known vulnerability types. Hence, the remaining 55% requires manual intervention. Manual intervention reduces the false positives generated in automated testing results Automated tests generally result in a high number of false positives. This then demands manual verification for false alarms, since false positives can lead to wasted effort in remediation. Ideally, an automatic tool can perform the bulk of the assess- ment, followed by human evaluation of the results in order to reduce the number of false positives. Manual testing is ‘safe’ testing Automated testing tools can only perform the regimen of tests designed. It normally does not take into account data damage, data loss, impact on application or other resultant scenarios. Context-dependent testing is possible only with manual interven- tion, where a tester studies the application in the context of its functionality and its interdependencies to obtain precise results. Any disruption to business processes resulting from a pen test can be controlled and rectified by manual testers.
Automated testing offers speed and efficiency However, standalone manual testing is not exhaustive enough to uncover all vulnerabilities, especially where you require hundreds of iterations to identify patterns. Some smart measures and tools can improve a manual tester’s efficiency, for example, by enabling the automation of a series of steps that, if undertaken manually, would be long-drawn and impracti- cal. Or short code snippets could be run to test iterating logic or conditions. Automated testing is more predictable and consistent because it does not depend on skill of tester Automated testing results produces consistent results over time. There is close to zero discrepancy between two or more executions of the same test. It is fairly predictable. Manual tests, on the other hand, may be erroneous and are only as good as the expertise of the tester. Tools are updated faster than human knowledge and skill Remember that a manual tester is only as good as his skill and expertise. Unless he constantly updates himself with knowledge of new threats, his testing will not be exhaustive and complete. In this, he can be ably assisted by sophisticated automated tools that are regularly updated to combat new threats. Automatic tools are patched regularly with new technol- ogies, techniques, or additional functionalities. While these updates do depend on the vendors, a pen tester learning new techniques and feeding the test methodology back to the system can compensate for the wait time. In this way, one kind of testing can constantly make up for and support the other. Banking industry is going through a phase of commoditization. In today’s scenario, differentiated and delightful customer experience has become more important than just providing financial services. To grab a bigger piece of the cake, banking industry has to understand the unstated needs of the custom- er the way airlines understands the preferences of the frequent flyers or the retailers understand the likes/dislikes of their customers, without even taking direct feedback of the customer. Each and every day, new devices / technologies are providing various customer touch points. Every time customers touch a computer or a screen, they are providing an information trail and it's banks’ responsibility to understand how they use this trail to move their bottom line upwards. Traditionally, banks spent most of their efforts, time and money on transaction execution, which is nothing but has © Happiest Minds Technologies Pvt. Ltd. All Rights Reserved5 Conclusion: Not Automated OR Manual, but Automated AND Manual Manual and Automated Testing at a Glance Parameters Testing process Coverage Safe testing Training Logging/Auditing Determining ROI Manual testing Automated testing Labor-intensive and time consuming Depth Contextual and hence safe Invest in training to learn techniques and skills Slow and cumbersome Often difficult to measure the productivity and efficiency of a manual tester Fast, easy and efficient Breadth Context independent and unaware Easy to use Automatic tracking and management Easy measurement and comparison of auto- mated testing results
© Happiest Minds Technologies Pvt. Ltd. All Rights Reserved6 Broad Superficial Inexpensive Efficient Context-independent Specific Deep Focused Expensive Time-consuming Contextual Holistic Automated Testing Manual Testing • Coverage: breadth and depth • Cost-efficient • Detailed, but efficient • Contextual and safe • Holistic view of business vulnerabilities and impact Automated + Manual become a very basic feature of their overall service. While providing expedient, consistent and precise transaction processing ability is still critical, we believe that banks can learn from how retail-ers see the customers’ journey through an Omni-channel lens. Banks now need to rethink the way customers are being valued, may be from the angle of the industries that greatly value customer experience. A tightly coupled multichannel may provide a share of customer’s pocket, but successful implemen- tation of Omni-channel can surely increase the size of the share though competitive advantage and also can help them to retain the same share for a longer period of time. Millionaires aren’t the only ones who want to bank whenever or wherever they want, irrespective of the branch location or the business hours. Customers from all generation, income groups, and coun- tries could make a transaction online one day, and another day, the same transaction through mobile or ATM - or they could start a transaction on any of these channel then continue on another and finish it on different channel. Multichannel gives the flexibility to hop between channel, but not the continuation of the transactions among multiple channels. So, this represent a remarkable chal- lenge for the financial institutions, which are often involved in multiple types of banking such as retails, finance, corporate, mortgage etc...
129 12 © Happiest Minds Technologies Pvt. Ltd. All Rights Reserved7 As the figure above shows, the ideal pen test is one that innovatively combines automated and manual testing techniques, leveraging the benefits of both, and combining together to achieve great- er efficiency and accuracy than when individually performed. This is an evolving model assuring cov- erage of all vulnerability areas, zero false positives, higher efficiency, and accuracy. Ensure that you pen test your systems and applications regularly—new vulnerabilities can creep in at any time, with software updates, evolving threats and new methods of attacks; and you do not want to discover these vulnerabilities when you are under attack!
129 12 © Happiest Minds Technologies Pvt. Ltd. All Rights Reserved About the Author Happiest Minds Manoj Rai has around 14 years of IT experience in Enterprise Applications, Mobile and Infrastructure security. Has rich and diverse global experience in leading large engagements and building deep tech- nology expertise in security testing domain. Manoj is a Bachelor of Engineering in Computer Science with MBA in Systems and Executive Delivery Program from IIM-Bangalore. A regular speaker on various technical subjects like Ethical Hacking, Mobile security, Secure SDLC and Cloud Security areas in CISO platforms, OWASP, BLUG, NULL etc. Has been a regular blogger and has published white papers on threat management and best practices in various social groups. Happiest Minds has a sharp focus on enabling Digital Transformation for customers by delivering a Smart,Secure and Connected experience through disruptive technologies: mobility, big data analytics, security, cloud computing, social computing, M2M/IoT, unified communications, etc. Enterprises are embracing these technologies to implement Omni-channel strategies, manage structured & unstructured data and make real time decisions based on actionable insights, while ensuring security for data and infrastructure. Happiest Minds also offers high degree of skills, IPs and domain expertise across a set of focused areas that include IT Services, Product Engineering Services, Infrastructure Management, Security, Testing and Consulting. Headquartered in Bangalore, India, Happiest Minds has operations in the US, UK, Singapore and Australia. It secured a $52.5 million Series-A funding led by Canaan Partners, Intel Capital and Ashok Soota.. Headquartered in Bangalore, India, Happiest Minds has operations in the US, UK, Singapore and Australia. It secured a $45 million Series-A funding led by Canaan Partners, Intel Capital and Ashok Soota. 8 © 2014 Happiest Minds. All Rights Reserved. E-mail: Business@happiestminds.com Visit us: www.happiestminds.com Follow us on This Document is an exclusive property of Happiest Minds Technologies Pvt. Ltd Manoj Rai

Recommended

Test Driver Selection 10.8.16 2
Test Driver Selection 10.8.16 2Test Driver Selection 10.8.16 2
Test Driver Selection 10.8.16 2
Terry Ausman, MS, PMP
 
SECTZG629T_FR_2012HZ78512
SECTZG629T_FR_2012HZ78512SECTZG629T_FR_2012HZ78512
SECTZG629T_FR_2012HZ78512
Najeem M Illyas
 
Penetration Testing Guide
Penetration Testing GuidePenetration Testing Guide
Penetration Testing Guide
Badawy Abd El-Aziz
 
smpef
smpefsmpef
smpef
rsharmam
 
Starting a career in software testing
Starting a career in software testingStarting a career in software testing
Starting a career in software testing
Lamhot J.M. Siagian
 
LinkedIn CyberSecurity Presentation
LinkedIn CyberSecurity PresentationLinkedIn CyberSecurity Presentation
LinkedIn CyberSecurity Presentation
Ben Berg
 
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...A Review on Software Fault Detection and Prevention Mechanism in Software Dev...
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...
iosrjce
 
IRJET- Effective Technique Used for Malware Detection using Machine Learning
IRJET- Effective Technique Used for Malware Detection using Machine LearningIRJET- Effective Technique Used for Malware Detection using Machine Learning
IRJET- Effective Technique Used for Malware Detection using Machine Learning
IRJET Journal
 

Recommended

Test Driver Selection 10.8.16 2
Test Driver Selection 10.8.16 2Test Driver Selection 10.8.16 2
Test Driver Selection 10.8.16 2
Terry Ausman, MS, PMP
 
SECTZG629T_FR_2012HZ78512
SECTZG629T_FR_2012HZ78512SECTZG629T_FR_2012HZ78512
SECTZG629T_FR_2012HZ78512
Najeem M Illyas
 
Penetration Testing Guide
Penetration Testing GuidePenetration Testing Guide
Penetration Testing Guide
Badawy Abd El-Aziz
 
smpef
smpefsmpef
smpef
rsharmam
 
Starting a career in software testing
Starting a career in software testingStarting a career in software testing
Starting a career in software testing
Lamhot J.M. Siagian
 
LinkedIn CyberSecurity Presentation
LinkedIn CyberSecurity PresentationLinkedIn CyberSecurity Presentation
LinkedIn CyberSecurity Presentation
Ben Berg
 
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...A Review on Software Fault Detection and Prevention Mechanism in Software Dev...
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...
iosrjce
 
IRJET- Effective Technique Used for Malware Detection using Machine Learning
IRJET- Effective Technique Used for Malware Detection using Machine LearningIRJET- Effective Technique Used for Malware Detection using Machine Learning
IRJET- Effective Technique Used for Malware Detection using Machine Learning
IRJET Journal
 
Risk base effective testing and quality management in the project
Risk base effective testing and quality management in the projectRisk base effective testing and quality management in the project
Risk base effective testing and quality management in the project
Stowarzyszenie Jakości Systemów Informatycznych (SJSI)
 
Software testing lecture notes
Software testing lecture notesSoftware testing lecture notes
Software testing lecture notes
TEJVEER SINGH
 
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
QA or the Highway
 
PAHS - White Paper
PAHS - White PaperPAHS - White Paper
PAHS - White Paper
Avsglobal Engineers
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use Cases
Ryan Faircloth
 
Risk Assessment Model and its Integration into an Established Test Process
Risk Assessment Model and its Integration into an Established Test ProcessRisk Assessment Model and its Integration into an Established Test Process
Risk Assessment Model and its Integration into an Established Test Process
ijtsrd
 
Monkey see
Monkey seeMonkey see
Monkey see
Izz Hayes
 
TRABAJO PRACTICO N' 9
TRABAJO PRACTICO N' 9TRABAJO PRACTICO N' 9
TRABAJO PRACTICO N' 9
Ceeci Pennella
 
Showcase JP*Haus
Showcase JP*Haus Showcase JP*Haus
Showcase JP*Haus
JP*Haus
 
Cgi 2016 version définitive ldf 2016
Cgi 2016 version définitive ldf 2016Cgi 2016 version définitive ldf 2016
Cgi 2016 version définitive ldf 2016
Rachid Elasri
 
G Saari Tiia.02.06.15
G Saari Tiia.02.06.15G Saari Tiia.02.06.15
G Saari Tiia.02.06.15
Tiia Saari
 
Digital Marketing Platform for world's second-largest beverages company in te...
Digital Marketing Platform for world's second-largest beverages company in te...Digital Marketing Platform for world's second-largest beverages company in te...
Digital Marketing Platform for world's second-largest beverages company in te...
Happiest Minds Technologies
 
SAP Certificate
SAP CertificateSAP Certificate
SAP Certificate
Hassan Ramadan
 
CGV - Corporate Presentation 2016
CGV - Corporate Presentation 2016CGV - Corporate Presentation 2016
CGV - Corporate Presentation 2016
Rahul Jain
 
Doc1
Doc1Doc1
Doc1
hindukumar
 
Hola
HolaHola
Hola
gissellemar
 
Reference - Janet 2
Reference - Janet 2Reference - Janet 2
Reference - Janet 2
Hannah Anidjar
 
Changing face-of-unified-communications
Changing face-of-unified-communicationsChanging face-of-unified-communications
Changing face-of-unified-communications
Happiest Minds Technologies
 
Organigramme de la mise en œuvre du SMSI et processus de certification ISO 27...
Organigramme de la mise en œuvre du SMSI et processus de certification ISO 27...Organigramme de la mise en œuvre du SMSI et processus de certification ISO 27...
Organigramme de la mise en œuvre du SMSI et processus de certification ISO 27...
Bachir Benyammi
 
Franz Joseph Haydn
Franz Joseph HaydnFranz Joseph Haydn
Franz Joseph Haydn
John Peter Holly
 
Wolfgang Amadeus Mozart
Wolfgang Amadeus MozartWolfgang Amadeus Mozart
Wolfgang Amadeus Mozart
John Peter Holly
 
Bach, Handel & Vivaldi
Bach, Handel & VivaldiBach, Handel & Vivaldi
Bach, Handel & Vivaldi
John Peter Holly
 

More Related Content

What's hot

Software testing lecture notes
Software testing lecture notesSoftware testing lecture notes
Software testing lecture notes
TEJVEER SINGH
 
Risk Assessment Model and its Integration into an Established Test Process
Risk Assessment Model and its Integration into an Established Test ProcessRisk Assessment Model and its Integration into an Established Test Process
Risk Assessment Model and its Integration into an Established Test Process
ijtsrd
 

What's hot (6)

Risk base effective testing and quality management in the project
Risk base effective testing and quality management in the projectRisk base effective testing and quality management in the project
Risk base effective testing and quality management in the project
 
Software testing lecture notes
Software testing lecture notesSoftware testing lecture notes
Software testing lecture notes
 
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
Bringing the hacker mindset into requirements and testing by Eapen Thomas and...
 
PAHS - White Paper
PAHS - White PaperPAHS - White Paper
PAHS - White Paper
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use Cases
 
Risk Assessment Model and its Integration into an Established Test Process
Risk Assessment Model and its Integration into an Established Test ProcessRisk Assessment Model and its Integration into an Established Test Process
Risk Assessment Model and its Integration into an Established Test Process
 

Viewers also liked

Showcase JP*Haus
Showcase JP*Haus Showcase JP*Haus
Showcase JP*Haus
JP*Haus
 
G Saari Tiia.02.06.15
G Saari Tiia.02.06.15G Saari Tiia.02.06.15
G Saari Tiia.02.06.15
Tiia Saari
 
CGV - Corporate Presentation 2016
CGV - Corporate Presentation 2016CGV - Corporate Presentation 2016
CGV - Corporate Presentation 2016
Rahul Jain
 

Viewers also liked (16)

Monkey see
Monkey seeMonkey see
Monkey see
 
TRABAJO PRACTICO N' 9
TRABAJO PRACTICO N' 9TRABAJO PRACTICO N' 9
TRABAJO PRACTICO N' 9
 
Showcase JP*Haus
Showcase JP*Haus Showcase JP*Haus
Showcase JP*Haus
 
Cgi 2016 version définitive ldf 2016
Cgi 2016 version définitive ldf 2016Cgi 2016 version définitive ldf 2016
Cgi 2016 version définitive ldf 2016
 
G Saari Tiia.02.06.15
G Saari Tiia.02.06.15G Saari Tiia.02.06.15
G Saari Tiia.02.06.15
 
Digital Marketing Platform for world's second-largest beverages company in te...
Digital Marketing Platform for world's second-largest beverages company in te...Digital Marketing Platform for world's second-largest beverages company in te...
Digital Marketing Platform for world's second-largest beverages company in te...
 
SAP Certificate
SAP CertificateSAP Certificate
SAP Certificate
 
CGV - Corporate Presentation 2016
CGV - Corporate Presentation 2016CGV - Corporate Presentation 2016
CGV - Corporate Presentation 2016
 
Doc1
Doc1Doc1
Doc1
 
Hola
HolaHola
Hola
 
Reference - Janet 2
Reference - Janet 2Reference - Janet 2
Reference - Janet 2
 
Changing face-of-unified-communications
Changing face-of-unified-communicationsChanging face-of-unified-communications
Changing face-of-unified-communications
 
Organigramme de la mise en œuvre du SMSI et processus de certification ISO 27...
Organigramme de la mise en œuvre du SMSI et processus de certification ISO 27...Organigramme de la mise en œuvre du SMSI et processus de certification ISO 27...
Organigramme de la mise en œuvre du SMSI et processus de certification ISO 27...
 
Franz Joseph Haydn
Franz Joseph HaydnFranz Joseph Haydn
Franz Joseph Haydn
 
Wolfgang Amadeus Mozart
Wolfgang Amadeus MozartWolfgang Amadeus Mozart
Wolfgang Amadeus Mozart
 
Bach, Handel & Vivaldi
Bach, Handel & VivaldiBach, Handel & Vivaldi
Bach, Handel & Vivaldi
 

Similar to Hybrid model for penetration testing

Selenium - A Trending Automation Testing Tool
Selenium - A Trending Automation Testing ToolSelenium - A Trending Automation Testing Tool
Selenium - A Trending Automation Testing Tool
ijtsrd
 
Automated testing handbook
Automated testing handbookAutomated testing handbook
Automated testing handbook
Andrei Hortúa
 
Automated software testing
Automated software testingAutomated software testing
Automated software testing
gauravpanwar8
 
The Leaders Guide to Getting Started with Automated Testing
The Leaders Guide to Getting Started with Automated TestingThe Leaders Guide to Getting Started with Automated Testing
The Leaders Guide to Getting Started with Automated Testing
James Briers
 

Similar to Hybrid model for penetration testing (20)

Why Manual Pen-Testing is a must have for comprehensive application security ...
Why Manual Pen-Testing is a must have for comprehensive application security ...Why Manual Pen-Testing is a must have for comprehensive application security ...
Why Manual Pen-Testing is a must have for comprehensive application security ...
 
The Continuing Relevance of Manual Testing.pdf
The Continuing Relevance of Manual Testing.pdfThe Continuing Relevance of Manual Testing.pdf
The Continuing Relevance of Manual Testing.pdf
 
Selenium - A Trending Automation Testing Tool
Selenium - A Trending Automation Testing ToolSelenium - A Trending Automation Testing Tool
Selenium - A Trending Automation Testing Tool
 
intiGrow newsletter-april2022.pdf
intiGrow newsletter-april2022.pdfintiGrow newsletter-april2022.pdf
intiGrow newsletter-april2022.pdf
 
A Comparative Guide to Automation and Manual Testing.pdf
A Comparative Guide to Automation and Manual Testing.pdfA Comparative Guide to Automation and Manual Testing.pdf
A Comparative Guide to Automation and Manual Testing.pdf
 
Influence of emphasized automation in ci
Influence of emphasized automation in ciInfluence of emphasized automation in ci
Influence of emphasized automation in ci
 
Test automation: Are Enterprises ready to bite the bullet?
Test automation: Are Enterprises ready to bite the bullet?Test automation: Are Enterprises ready to bite the bullet?
Test automation: Are Enterprises ready to bite the bullet?
 
Automated testing-whitepaper
Automated testing-whitepaperAutomated testing-whitepaper
Automated testing-whitepaper
 
Software_testing Unit 1 bca V.pdf
Software_testing Unit 1 bca V.pdfSoftware_testing Unit 1 bca V.pdf
Software_testing Unit 1 bca V.pdf
 
Is the Future of Manual Software Testing in Jeopardy?
Is the Future of Manual Software Testing in Jeopardy?Is the Future of Manual Software Testing in Jeopardy?
Is the Future of Manual Software Testing in Jeopardy?
 
What is software testing and it’s different types
What is software testing and it’s different typesWhat is software testing and it’s different types
What is software testing and it’s different types
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
 
Exploratory Testing, A Guide Towards Better Test Coverage.pdf
Exploratory Testing, A Guide Towards Better Test Coverage.pdfExploratory Testing, A Guide Towards Better Test Coverage.pdf
Exploratory Testing, A Guide Towards Better Test Coverage.pdf
 
Automated vs.pdf
Automated vs.pdfAutomated vs.pdf
Automated vs.pdf
 
Understanding Manual Testing.pdf
Understanding Manual Testing.pdfUnderstanding Manual Testing.pdf
Understanding Manual Testing.pdf
 
Automated testing handbook
Automated testing handbookAutomated testing handbook
Automated testing handbook
 
7 QA Tests You Should Be Running
7 QA Tests You Should Be Running7 QA Tests You Should Be Running
7 QA Tests You Should Be Running
 
Streamline and Accelerate User Acceptance Testing (UAT) with Automation.pdf
Streamline and Accelerate User Acceptance Testing (UAT) with Automation.pdfStreamline and Accelerate User Acceptance Testing (UAT) with Automation.pdf
Streamline and Accelerate User Acceptance Testing (UAT) with Automation.pdf
 
Automated software testing
Automated software testingAutomated software testing
Automated software testing
 
The Leaders Guide to Getting Started with Automated Testing
The Leaders Guide to Getting Started with Automated TestingThe Leaders Guide to Getting Started with Automated Testing
The Leaders Guide to Getting Started with Automated Testing
 

More from Happiest Minds Technologies

ARTIFICIAL INTELLIGENCE IN DIGITAL BANKING
ARTIFICIAL INTELLIGENCE IN DIGITAL BANKINGARTIFICIAL INTELLIGENCE IN DIGITAL BANKING
ARTIFICIAL INTELLIGENCE IN DIGITAL BANKING
Happiest Minds Technologies
 

More from Happiest Minds Technologies (20)

Largest Electricity provider in the US- Case Study
Largest Electricity provider in the US- Case StudyLargest Electricity provider in the US- Case Study
Largest Electricity provider in the US- Case Study
 
BFSI GLOBAL TRENDS FY 24
BFSI GLOBAL TRENDS FY 24BFSI GLOBAL TRENDS FY 24
BFSI GLOBAL TRENDS FY 24
 
ARTIFICIAL INTELLIGENCE IN DIGITAL BANKING
ARTIFICIAL INTELLIGENCE IN DIGITAL BANKINGARTIFICIAL INTELLIGENCE IN DIGITAL BANKING
ARTIFICIAL INTELLIGENCE IN DIGITAL BANKING
 
DIGITAL MANUFACTURING
DIGITAL MANUFACTURINGDIGITAL MANUFACTURING
DIGITAL MANUFACTURING
 
Exploring the Potential of ChatGPT in Banking, Financial SERVICES & Insurance
Exploring the Potential of ChatGPT in Banking, Financial SERVICES & InsuranceExploring the Potential of ChatGPT in Banking, Financial SERVICES & Insurance
Exploring the Potential of ChatGPT in Banking, Financial SERVICES & Insurance
 
AN OVERVIEW OF THE METAVERSE
AN OVERVIEW OF THE METAVERSEAN OVERVIEW OF THE METAVERSE
AN OVERVIEW OF THE METAVERSE
 
VMware to AWS Cloud Migration
VMware to AWS Cloud MigrationVMware to AWS Cloud Migration
VMware to AWS Cloud Migration
 
Digital-Content-Monetization-DCM-Platform-2.pdf
Digital-Content-Monetization-DCM-Platform-2.pdfDigital-Content-Monetization-DCM-Platform-2.pdf
Digital-Content-Monetization-DCM-Platform-2.pdf
 
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
AUTOMATING CYBER RISK DETECTION AND PROTECTION WITH SOC 2.0
 
Cloud Reshaping Banking
Cloud Reshaping BankingCloud Reshaping Banking
Cloud Reshaping Banking
 
Automating SOC1/2 Compliance- For a leading Software solution company in UK
Automating SOC1/2 Compliance- For a leading Software solution company in UKAutomating SOC1/2 Compliance- For a leading Software solution company in UK
Automating SOC1/2 Compliance- For a leading Software solution company in UK
 
PAMaaS- Powered by CyberArk
PAMaaS- Powered by CyberArkPAMaaS- Powered by CyberArk
PAMaaS- Powered by CyberArk
 
GUIDE TO KEEP YOUR END-USERS CONNECTED TO THE DIGITAL WORKPLACE DURING DISRUP...
GUIDE TO KEEP YOUR END-USERS CONNECTED TO THE DIGITAL WORKPLACE DURING DISRUP...GUIDE TO KEEP YOUR END-USERS CONNECTED TO THE DIGITAL WORKPLACE DURING DISRUP...
GUIDE TO KEEP YOUR END-USERS CONNECTED TO THE DIGITAL WORKPLACE DURING DISRUP...
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKES
 
Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)
 
Azure bastion- Remote desktop RDP/SSH in Azure using Bastion Service as (PaaS)
Azure bastion- Remote desktop RDP/SSH in Azure using Bastion Service as (PaaS)Azure bastion- Remote desktop RDP/SSH in Azure using Bastion Service as (PaaS)
Azure bastion- Remote desktop RDP/SSH in Azure using Bastion Service as (PaaS)
 
REDUCING TRANSPORTATION COSTS IN RETAIL THROUGH INTELLIGENT FREIGHT AUDIT
REDUCING TRANSPORTATION COSTS IN RETAIL THROUGH INTELLIGENT FREIGHT AUDITREDUCING TRANSPORTATION COSTS IN RETAIL THROUGH INTELLIGENT FREIGHT AUDIT
REDUCING TRANSPORTATION COSTS IN RETAIL THROUGH INTELLIGENT FREIGHT AUDIT
 
REDUCING TRANSPORTATION COSTS IN CPG THROUGH INTELLIGENT FREIGHT AUDIT
REDUCING TRANSPORTATION COSTS IN CPG THROUGH INTELLIGENT FREIGHT AUDITREDUCING TRANSPORTATION COSTS IN CPG THROUGH INTELLIGENT FREIGHT AUDIT
REDUCING TRANSPORTATION COSTS IN CPG THROUGH INTELLIGENT FREIGHT AUDIT
 
How to Approach Tool Integrations
How to Approach Tool IntegrationsHow to Approach Tool Integrations
How to Approach Tool Integrations
 
REDUCING TRANSPORTATION COSTS IN RETAIL THROUGH INTELLIGENT FREIGHT AUDIT
REDUCING TRANSPORTATION COSTS IN RETAIL THROUGH INTELLIGENT FREIGHT AUDITREDUCING TRANSPORTATION COSTS IN RETAIL THROUGH INTELLIGENT FREIGHT AUDIT
REDUCING TRANSPORTATION COSTS IN RETAIL THROUGH INTELLIGENT FREIGHT AUDIT
 

Recently uploaded

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Recently uploaded (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Hybrid model for penetration testing

  • 1. Happiest People Happiest Customers A Hybrid Model for Penetration Testing: Leveraging the Benefits of both Automated and Manual Testing
  • 2. Contents © Happiest Minds Technologies Pvt. Ltd. All Rights Reserved2 Introduction.......................................................................................................................................,...3 Automated Testing or Manual Intervetion?...........................................................................................6 Comparing the Two...............................................................................................................................4 Manual and Automated Testing at a Glance.........................................................................................5 Conclusion: Not Automated OR Manual, but Automated AND Manual.................................................5 About the Author....................................................................................................................................8
  • 3. Introduction Everyone remembers Sony Pictures Entertainment’s nightmare in late 2014. Attackers hacked terabytes of data after deleting the original copies from Sony computers. Recent estimates indicate that the incident has already cost Sony USD 15 million, and still counting. With the burgeoning usage of networking technologies, data breaches have become common today. A recent study conducted by the Ponemon Institute reported that the average cost of data breach to a company was USD 3.5 million in 2014, 15% more than the previous year. The high cost of data loss, business outage, and disruption in business processes, as well as the escalating costs of recovery from security breaches make it vital for organizations to have strong security measures in place. One such widely implemented and effective precautionary measure is Penetration Testing (or pen testing as it is popu- larly called). The objective of a pen test is to determine if an application/network/infrastructure can withstand an intrusion attempt—it involves simulating an attack on your system, with the pen tester seeking to deliberately exploit exposed vulnerabilities. The pen test, thus, provides specific information on the flaws in an application or system, pointing to the data that could be compromised and the resulting business impact. This exercise enables you to explore multiple attack vectors on the same target. Pen testing works on the premise that hackers have a deeper knowledge of network vulner- abilities than the organization that runs the networks. And the pen tester seeks to replicate these ‘attacks’ and exploit your vulnerabilities. Pen tests are conducted with knowledge of the organization, and a variety of tools and techniques are used to bypass security controls, pinpoint technical flaws in coding, and identify business logic vulnerabilities. The concluding step is the reporting and remediation of issues discovered during the test. © Happiest Minds Technologies Pvt. Ltd. All Rights Reserved3
  • 4. When it comes to penetration testing, there are any number of automated tools available in the marketplace—both the high-priced sophisticated lot, and their inexpensive counterparts that are just about adequate. However, the ideal pen test is more than just a series of automated tests ticked off on a checklist. The effective pen test goes beyond the technical to test business logic vulnerabilities as well. It studies the vulnerability of your entire system and not just isolated, discrete functionalities. In short, the ideal pen test is one that uses automated tools, but is led by human intelligence and insight. Automated tools for penetration testing are efficient and consistent, but complementing them with manual testing ensures complete coverage. Combining the two offers comprehensive coverage, both breadth (automated) and depth (manual) Automated tools can identify simple and well-known forms of the common technical vulnerabilities. The more complex vulnerabilities, those related to appli- cation logic or security functionality design require manual intervention. Identifying and analyzing business logic vulnerabilities, for instance, require a skilled manual tester who can understand the logical flow. Consider this example—an application might direct the user from point A to point B to point C, where point B is a security valida- tion check. A manual review of the application, however, might show that it is possible to go directly from point A to point C, bypassing the security validation entirely. Automated Testing or Manual Intervention? Comparing the Two © Happiest Minds Technologies Pvt. Ltd. All Rights Reserved4 Combining automated and manual testing increases staff productivity. For example, if you assume a single security professional makes $100,000 per year and is spending 25% of his time on creating exploits and running manual pen tests, this represents an annual cost of $25,000. This cost can be reduced by automating the test and then supporting it with human intervention where required. In addition, a tool typically tends to focus on a particular area of vulnerability or individual flaw, necessitating multiple pen testing tools. With manual testing, you can not only examine specific flaw categories, but also identify specific application vulnerabilities within the scoped domains. Further, automated testing tools cover certain vulnerability types and not all. According to the MITRE Corporation , automated tools cover only 45% of the known vulnerability types. Hence, the remaining 55% requires manual intervention In addition, a tool typically tends to focus on a particular area of vulnerability or individual flaw, necessitating multiple pen testing tools. With manual testing, you can not only examine specific flaw categories, but also identify specific application vulnerabilities within the scoped domains. Further, automated testing tools cover certain vulnerability types and not all. According to the MITRE Corporation , automated tools cover only 45% of the known vulnerability types. Hence, the remaining 55% requires manual intervention. Manual intervention reduces the false positives generated in automated testing results Automated tests generally result in a high number of false positives. This then demands manual verification for false alarms, since false positives can lead to wasted effort in remediation. Ideally, an automatic tool can perform the bulk of the assess- ment, followed by human evaluation of the results in order to reduce the number of false positives. Manual testing is ‘safe’ testing Automated testing tools can only perform the regimen of tests designed. It normally does not take into account data damage, data loss, impact on application or other resultant scenarios. Context-dependent testing is possible only with manual interven- tion, where a tester studies the application in the context of its functionality and its interdependencies to obtain precise results. Any disruption to business processes resulting from a pen test can be controlled and rectified by manual testers.
  • 5. Automated testing offers speed and efficiency However, standalone manual testing is not exhaustive enough to uncover all vulnerabilities, especially where you require hundreds of iterations to identify patterns. Some smart measures and tools can improve a manual tester’s efficiency, for example, by enabling the automation of a series of steps that, if undertaken manually, would be long-drawn and impracti- cal. Or short code snippets could be run to test iterating logic or conditions. Automated testing is more predictable and consistent because it does not depend on skill of tester Automated testing results produces consistent results over time. There is close to zero discrepancy between two or more executions of the same test. It is fairly predictable. Manual tests, on the other hand, may be erroneous and are only as good as the expertise of the tester. Tools are updated faster than human knowledge and skill Remember that a manual tester is only as good as his skill and expertise. Unless he constantly updates himself with knowledge of new threats, his testing will not be exhaustive and complete. In this, he can be ably assisted by sophisticated automated tools that are regularly updated to combat new threats. Automatic tools are patched regularly with new technol- ogies, techniques, or additional functionalities. While these updates do depend on the vendors, a pen tester learning new techniques and feeding the test methodology back to the system can compensate for the wait time. In this way, one kind of testing can constantly make up for and support the other. Banking industry is going through a phase of commoditization. In today’s scenario, differentiated and delightful customer experience has become more important than just providing financial services. To grab a bigger piece of the cake, banking industry has to understand the unstated needs of the custom- er the way airlines understands the preferences of the frequent flyers or the retailers understand the likes/dislikes of their customers, without even taking direct feedback of the customer. Each and every day, new devices / technologies are providing various customer touch points. Every time customers touch a computer or a screen, they are providing an information trail and it's banks’ responsibility to understand how they use this trail to move their bottom line upwards. Traditionally, banks spent most of their efforts, time and money on transaction execution, which is nothing but has © Happiest Minds Technologies Pvt. Ltd. All Rights Reserved5 Conclusion: Not Automated OR Manual, but Automated AND Manual Manual and Automated Testing at a Glance Parameters Testing process Coverage Safe testing Training Logging/Auditing Determining ROI Manual testing Automated testing Labor-intensive and time consuming Depth Contextual and hence safe Invest in training to learn techniques and skills Slow and cumbersome Often difficult to measure the productivity and efficiency of a manual tester Fast, easy and efficient Breadth Context independent and unaware Easy to use Automatic tracking and management Easy measurement and comparison of auto- mated testing results
  • 6. © Happiest Minds Technologies Pvt. Ltd. All Rights Reserved6 Broad Superficial Inexpensive Efficient Context-independent Specific Deep Focused Expensive Time-consuming Contextual Holistic Automated Testing Manual Testing • Coverage: breadth and depth • Cost-efficient • Detailed, but efficient • Contextual and safe • Holistic view of business vulnerabilities and impact Automated + Manual become a very basic feature of their overall service. While providing expedient, consistent and precise transaction processing ability is still critical, we believe that banks can learn from how retail-ers see the customers’ journey through an Omni-channel lens. Banks now need to rethink the way customers are being valued, may be from the angle of the industries that greatly value customer experience. A tightly coupled multichannel may provide a share of customer’s pocket, but successful implemen- tation of Omni-channel can surely increase the size of the share though competitive advantage and also can help them to retain the same share for a longer period of time. Millionaires aren’t the only ones who want to bank whenever or wherever they want, irrespective of the branch location or the business hours. Customers from all generation, income groups, and coun- tries could make a transaction online one day, and another day, the same transaction through mobile or ATM - or they could start a transaction on any of these channel then continue on another and finish it on different channel. Multichannel gives the flexibility to hop between channel, but not the continuation of the transactions among multiple channels. So, this represent a remarkable chal- lenge for the financial institutions, which are often involved in multiple types of banking such as retails, finance, corporate, mortgage etc...
  • 7. 129 12 © Happiest Minds Technologies Pvt. Ltd. All Rights Reserved7 As the figure above shows, the ideal pen test is one that innovatively combines automated and manual testing techniques, leveraging the benefits of both, and combining together to achieve great- er efficiency and accuracy than when individually performed. This is an evolving model assuring cov- erage of all vulnerability areas, zero false positives, higher efficiency, and accuracy. Ensure that you pen test your systems and applications regularly—new vulnerabilities can creep in at any time, with software updates, evolving threats and new methods of attacks; and you do not want to discover these vulnerabilities when you are under attack!
  • 8. 129 12 © Happiest Minds Technologies Pvt. Ltd. All Rights Reserved About the Author Happiest Minds Manoj Rai has around 14 years of IT experience in Enterprise Applications, Mobile and Infrastructure security. Has rich and diverse global experience in leading large engagements and building deep tech- nology expertise in security testing domain. Manoj is a Bachelor of Engineering in Computer Science with MBA in Systems and Executive Delivery Program from IIM-Bangalore. A regular speaker on various technical subjects like Ethical Hacking, Mobile security, Secure SDLC and Cloud Security areas in CISO platforms, OWASP, BLUG, NULL etc. Has been a regular blogger and has published white papers on threat management and best practices in various social groups. Happiest Minds has a sharp focus on enabling Digital Transformation for customers by delivering a Smart,Secure and Connected experience through disruptive technologies: mobility, big data analytics, security, cloud computing, social computing, M2M/IoT, unified communications, etc. Enterprises are embracing these technologies to implement Omni-channel strategies, manage structured & unstructured data and make real time decisions based on actionable insights, while ensuring security for data and infrastructure. Happiest Minds also offers high degree of skills, IPs and domain expertise across a set of focused areas that include IT Services, Product Engineering Services, Infrastructure Management, Security, Testing and Consulting. Headquartered in Bangalore, India, Happiest Minds has operations in the US, UK, Singapore and Australia. It secured a $52.5 million Series-A funding led by Canaan Partners, Intel Capital and Ashok Soota.. Headquartered in Bangalore, India, Happiest Minds has operations in the US, UK, Singapore and Australia. It secured a $45 million Series-A funding led by Canaan Partners, Intel Capital and Ashok Soota. 8 © 2014 Happiest Minds. All Rights Reserved. E-mail: Business@happiestminds.com Visit us: www.happiestminds.com Follow us on This Document is an exclusive property of Happiest Minds Technologies Pvt. Ltd Manoj Rai