SlideShare a Scribd company logo

Introduction to Penetration Testing - By Cyber Expert Amish Patel - 8690029004

A
Amish Patel

In this presentation you will learn about future of ethical hacking and need of penetration testing. What is Pen testing? Introduction of Penetration Testing Need of Penetration testing in real world Benefits of Pen Testing Methodology of Penetration Testing How to prepare for Penetration testing ?

Education
1 of 23
Download to read offline
Penetration Testing Introduction and Techniques : csivvn : csi_vvn : csi_vvn
Topics Covered  Introduction of Penetration Testing  Need of Penetration Testing  How is Penetration Testing Beneficial?  Security Audits Vs Vulnerability Assessment Vs Pen Test  Types of Penetration testing  Phases of Penetration Testing  Steps of Penetration Testing Method  Security Testing Methodology : csivvn : csi_vvn : csi_vvn
Penetration Testing - Introduction  Penetration testing is a type of security testing that is used to test the insecurity of an application. It is conducted to find the security risk which might be present in the system.  If a system is not secured, then any attacker can disrupt or take authorized access to that system. Security risk is normally an accidental error that occurs while developing and implementing the software. For example, configuration errors, design errors, and software bugs, etc. : csivvn : csi_vvn : csi_vvn
Need of Penetration Testing  Penetration testing normally evaluates a system’s ability to protect its networks, applications, endpoints and users from external or internal threats. It also attempts to protect the security controls and ensures only authorized access.  Penetration testing is essential because : −  It identifies a simulation environment i.e., how an intruder may attack the system through white hat attack.  It helps to find weak areas where an intruder can attack to gain access to the computer’s features and data.  It supports to avoid black hat attack and protects the original data.  It estimates the magnitude of the attack on potential business.  It provides evidence to suggest, why it is important to increase investments in security aspect of technology : csivvn : csi_vvn : csi_vvn
How is Penetration Testing Beneficial?  Enhancement of the Management System − It provides detailed information about the security threats. In addition to this, it also categorizes the degree of vulnerabilities and suggests you, which one is more vulnerable and which one is less. So, you can easily and accurately manage your security system by allocating the security resources accordingly.  Avoid Fines − Penetration testing keeps your organization’s major activities updated and complies with the auditing system. So, penetration testing protects you from giving fines.  Protection from Financial Damage − A simple breach of security system may cause millions of dollars of damage. Penetration testing can protect your organization from such damages.  Customer Protection − Breach of even a single customer’s data may cause big financial damage as well as reputation damage. It protects the organizations who deal with the customers and keep their data intact.  Penetration testing is a combination of techniques that considers various issues of the systems and tests, analyzes, and gives solutions. It is based on a structured procedure that performs penetration testing step-by-step. : csivvn : csi_vvn : csi_vvn
Security Audits  A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria. A thorough audit typically assesses the security of the system's physical configuration and environment, software, information handling processes, and user practices. Security audits are often used to determine regulatory compliance, in the wake of that specifies how organizations must deal with information. : csivvn : csi_vvn : csi_vvn
Vulnerability Assessment  A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately. : csivvn : csi_vvn : csi_vvn
Pen Test  Penetration testing is a combination of techniques that considers various issues of the systems and tests, analyzes, and gives solutions. It is based on a structured procedure that performs penetration testing step-by-step. : csivvn : csi_vvn : csi_vvn
Types of Penetration testing  The type of penetration testing normally depends on the scope and the organizational wants and requirements. This chapter discusses about different types of Penetration testing. It is also known as Pen Testing.  Following are the important types of pen testing :- Pen Test White Box Penetration testing Black Box Penetration testing Grey Box Penetration testing : csivvn : csi_vvn : csi_vvn
White Box Penetration testing  This is a comprehensive testing, as tester has been provided with whole range of information about the systems and/or network such as Schema, Source code, OS details, IP address, etc. It is normally considered as a simulation of an attack by an internal source. It is also known as structural, glass box, clear box, and open box testing.  White box penetration testing examines the code coverage and does data flow testing, path testing, loop testing, etc.  Advantages of White Box Penetration Testing  It ensures that all independent paths of a module have been exercised.  It ensures that all logical decisions have been verified along with their true and false value.  It discovers the typographical errors and does syntax checking.  It finds the design errors that may have occurred because of the difference between logical flow of the program and the actual execution. : csivvn : csi_vvn : csi_vvn
Black Box Penetration testing  In black box penetration testing, tester has no idea about the systems that he is going to test. He is interested to gather information about the target network or system. For example, in this testing, a tester only knows what should be the expected outcome and he does not know how the outcomes arrives. He does not examine any programming codes.  Advantages of Black Box Penetration Testing  Tester need not necessarily be an expert, as it does not demand specific language knowledge  Tester verifies contradictions in the actual system and the specifications  Test is generally conducted with the perspective of a user, not the designer  Disadvantages of Black Box Penetration Testing  Particularly, these kinds of test cases are difficult to design.  Possibly, it is not worth, incase designer has already conducted a test case.  It does not conduct everything. : csivvn : csi_vvn : csi_vvn
Grey Box Penetration testing  In this type of testing, a tester usually provides partial or limited information about the internal details of the program of a system. It can be considered as an attack by an external hacker who had gained illegitimate access to an organization's network infrastructure documents.  Advantages of Grey Box Penetration Testing  As the tester does not require the access of source code, it is non-intrusive and unbiased  As there is clear difference between a developer and a tester, so there is least risk of personal conflict  You don’t need to provide the internal information about the program functions and other operations : csivvn : csi_vvn : csi_vvn
Phases of Penetration Testing  Penetration Testing Includes Three Phases :- : csivvn : csi_vvn : csi_vvn
Steps of Penetration Testing Method  The following are the seven steps of penetration testing :- : csivvn : csi_vvn : csi_vvn
Planning & Preparation  Planning and preparation starts with defining the goals and objectives of the penetration testing.  The client and the tester jointly define the goals so that both the parties have the same objectives and understanding. The common objectives of penetration testing are :−  To identify the vulnerability and improve the security of the technical systems.  Have IT security confirmed by an external third party.  Increase the security of the organizational/personnel infrastructure. : csivvn : csi_vvn : csi_vvn
Reconnaissance  Reconnaissance includes an analysis of the preliminary information.  Many times, a tester doesn’t have much information other than the preliminary information, i.e., an IP address or IP address block.  The tester starts by analyzing the available information and, if required, requests for more information such as system descriptions, network plans, etc. from the client.  This step is the passive penetration test, a sort of. The sole objective is to obtain a complete and detailed information of the systems. : csivvn : csi_vvn : csi_vvn
Discovery  In this step, a penetration tester will most likely use the automated tools to scan target assets for discovering vulnerabilities. These tools normally have their own databases giving the details of the latest vulnerabilities. However, tester discover  Network Discovery − Such as discovery of additional systems, servers, and other devices.  Host Discovery − It determines open ports on these devices.  Service Interrogation − It interrogates ports to discover actual services which are running on them. : csivvn : csi_vvn : csi_vvn
Analyzing Information and Risks  In this step, tester analyzes and assesses the information gathered before the test steps for dynamically penetrating the system. Because of larger number of systems and size of infrastructure, it is extremely time consuming. While analyzing, the tester considers the following elements :−  The defined goals of the penetration test.  The potential risks to the system.  The estimated time required for evaluating potential security flaws for the subsequent active penetration testing.  However, from the list of identified systems, the tester may choose to test only those which contain potential vulnerabilities. : csivvn : csi_vvn : csi_vvn
Active Intrusion Attempts  This is the most important step that has to be performed with due care.  This step entails the extent to which the potential vulnerabilities that was identified in the discovery step which possess the actual risks.  This step must be performed when a verification of potential vulnerabilities is needed. For those systems having very high integrity requirements, the potential vulnerability and risk needs to be carefully considered before conducting critical clean up procedures. : csivvn : csi_vvn : csi_vvn
Final Analysis  This step primarily considers all the steps conducted (discussed above) till that time and an evaluation of the vulnerabilities present in the form of potential risks.  Further, the tester recommends to eliminate the vulnerabilities and risks. Above all, the tester must assure the transparency of the tests and the vulnerabilities that it disclosed. : csivvn : csi_vvn : csi_vvn
Report Preparation  Report preparation must start with overall testing procedures, followed by an analysis of vulnerabilities and risks. The high risks and critical vulnerabilities must have priorities and then followed by the lower order.  However, while documenting the final report, the following points needs to be considered −  Overall summary of penetration testing.  Details of each step and the information gathered during the pen testing.  Details of all the vulnerabilities and risks discovered.  Details of cleaning and fixing the systems.  Suggestions for future security. : csivvn : csi_vvn : csi_vvn
Security Testing Methodology  Lets surf Online… : csivvn : csi_vvn : csi_vvn
Thanks to All Any Query? Call : +91.9099082532 : csivvn : csi_vvn : csi_vvn Like/Follow for Notification of Latest Cyber Security & Technology's Update.

Recommended

Exploring Ethical Hacking - By Cyber Expert Amish Patel - 8690029004
Exploring Ethical Hacking - By Cyber Expert Amish Patel - 8690029004Exploring Ethical Hacking - By Cyber Expert Amish Patel - 8690029004
Exploring Ethical Hacking - By Cyber Expert Amish Patel - 8690029004
Amish Patel
 
Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report
Rishabh Upadhyay
 
Penetration Security Testing
Penetration Security TestingPenetration Security Testing
Penetration Security Testing
Sanjulika Rastogi
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
Yulian Slobodyan
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
Kellep Charles
 
Network Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision PointsNetwork Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision Points
PivotPointSecurity
 
Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment Report
Harshit Singh Bhatia
 
Pen test methodology
Pen test methodologyPen test methodology
Pen test methodology
Cahyo Darujati
 

Recommended

Exploring Ethical Hacking - By Cyber Expert Amish Patel - 8690029004
Exploring Ethical Hacking - By Cyber Expert Amish Patel - 8690029004Exploring Ethical Hacking - By Cyber Expert Amish Patel - 8690029004
Exploring Ethical Hacking - By Cyber Expert Amish Patel - 8690029004
Amish Patel
 
Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report
Rishabh Upadhyay
 
Penetration Security Testing
Penetration Security TestingPenetration Security Testing
Penetration Security Testing
Sanjulika Rastogi
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
Yulian Slobodyan
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
Kellep Charles
 
Network Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision PointsNetwork Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision Points
PivotPointSecurity
 
Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment Report
Harshit Singh Bhatia
 
Pen test methodology
Pen test methodologyPen test methodology
Pen test methodology
Cahyo Darujati
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Netsparker
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat Modeling
Danny Wong
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Ciss previsionnotes
Ciss previsionnotesCiss previsionnotes
Ciss previsionnotes
madunix
 
Attack modeling vs threat modelling
Attack modeling vs threat modellingAttack modeling vs threat modelling
Attack modeling vs threat modelling
Invisibits
 
Web Application Penetration Tests - Vulnerability Identification and Details ...
Web Application Penetration Tests - Vulnerability Identification and Details ...Web Application Penetration Tests - Vulnerability Identification and Details ...
Web Application Penetration Tests - Vulnerability Identification and Details ...
Netsparker
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK framework
Bhushan Gurav
 
Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - Reporting
Netsparker
 
Accurately detecting source code of attacks that increase privilege
Accurately detecting source code of attacks that increase privilegeAccurately detecting source code of attacks that increase privilege
Accurately detecting source code of attacks that increase privilege
UltraUploader
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modelling
n|u - The Open Security Community
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
Rand W. Hirt
 
Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysis
Asif Anik
 
Whitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest MindsWhitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest Minds
Happiest Minds Technologies
 
Wm4
Wm4Wm4
Wm4
Umang Patel
 
MSRC - Funcionamiento
MSRC - FuncionamientoMSRC - Funcionamiento
MSRC - Funcionamiento
Chema Alonso
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilities
Mayur Mehta
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
FFRI, Inc.
 
The security mindset securing social media integrations and social learning...
The security mindset securing social media integrations and social learning...The security mindset securing social media integrations and social learning...
The security mindset securing social media integrations and social learning...
franco_bb
 
Ns unit 6,7,8
Ns unit 6,7,8Ns unit 6,7,8
Ns unit 6,7,8
Shruthi Reddy
 
Nss labs-breach-detection
Nss labs-breach-detectionNss labs-breach-detection
Nss labs-breach-detection
Michael Kurzidim
 
Penetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdfPenetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdf
Sense Learner Technologies Pvt Ltd
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Falgun Rathod
 

More Related Content

What's hot

Ciss previsionnotes
Ciss previsionnotesCiss previsionnotes
Ciss previsionnotes
madunix
 
Accurately detecting source code of attacks that increase privilege
Accurately detecting source code of attacks that increase privilegeAccurately detecting source code of attacks that increase privilege
Accurately detecting source code of attacks that increase privilege
UltraUploader
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
Rand W. Hirt
 
The security mindset securing social media integrations and social learning...
The security mindset securing social media integrations and social learning...The security mindset securing social media integrations and social learning...
The security mindset securing social media integrations and social learning...
franco_bb
 

What's hot (20)

Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat Modeling
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Ciss previsionnotes
Ciss previsionnotesCiss previsionnotes
Ciss previsionnotes
 
Attack modeling vs threat modelling
Attack modeling vs threat modellingAttack modeling vs threat modelling
Attack modeling vs threat modelling
 
Web Application Penetration Tests - Vulnerability Identification and Details ...
Web Application Penetration Tests - Vulnerability Identification and Details ...Web Application Penetration Tests - Vulnerability Identification and Details ...
Web Application Penetration Tests - Vulnerability Identification and Details ...
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK framework
 
Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - Reporting
 
Accurately detecting source code of attacks that increase privilege
Accurately detecting source code of attacks that increase privilegeAccurately detecting source code of attacks that increase privilege
Accurately detecting source code of attacks that increase privilege
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modelling
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
 
Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysis
 
Whitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest MindsWhitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest Minds
 
Wm4
Wm4Wm4
Wm4
 
MSRC - Funcionamiento
MSRC - FuncionamientoMSRC - Funcionamiento
MSRC - Funcionamiento
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilities
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
 
The security mindset securing social media integrations and social learning...
The security mindset securing social media integrations and social learning...The security mindset securing social media integrations and social learning...
The security mindset securing social media integrations and social learning...
 
Ns unit 6,7,8
Ns unit 6,7,8Ns unit 6,7,8
Ns unit 6,7,8
 
Nss labs-breach-detection
Nss labs-breach-detectionNss labs-breach-detection
Nss labs-breach-detection
 

Similar to Introduction to Penetration Testing - By Cyber Expert Amish Patel - 8690029004

Penetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdfPenetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdf
Sense Learner Technologies Pvt Ltd
 
Network Penetration Testing Service
Network Penetration Testing ServiceNetwork Penetration Testing Service
Network Penetration Testing Service
Sense Learner Technologies Pvt Ltd
 
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingA Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration Testing
YogeshIJTSRD
 

Similar to Introduction to Penetration Testing - By Cyber Expert Amish Patel - 8690029004 (20)

Penetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdfPenetration Testing Service in India Senselearner .pdf
Penetration Testing Service in India Senselearner .pdf
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
 
What to Expect During a Vulnerability Assessment and Penetration Test
What to Expect During a Vulnerability Assessment and Penetration TestWhat to Expect During a Vulnerability Assessment and Penetration Test
What to Expect During a Vulnerability Assessment and Penetration Test
 
(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration Testing(VAPT) Vulnerability Assessment And Penetration Testing
(VAPT) Vulnerability Assessment And Penetration Testing
 
Network Penetration Testing Service
Network Penetration Testing ServiceNetwork Penetration Testing Service
Network Penetration Testing Service
 
What are the 5 Stages of Penetration.pdf
What are the 5 Stages of Penetration.pdfWhat are the 5 Stages of Penetration.pdf
What are the 5 Stages of Penetration.pdf
 
Vulnerability Scanning Techniques and Vulnerability scores & exposures
Vulnerability Scanning Techniques and Vulnerability scores & exposuresVulnerability Scanning Techniques and Vulnerability scores & exposures
Vulnerability Scanning Techniques and Vulnerability scores & exposures
 
Security Testing.pptx
Security Testing.pptxSecurity Testing.pptx
Security Testing.pptx
 
Penetration Testing Services - Redfox Cyber Security
Penetration Testing Services - Redfox Cyber SecurityPenetration Testing Services - Redfox Cyber Security
Penetration Testing Services - Redfox Cyber Security
 
Vulnerability Assessment and Penetration Testing: Safeguarding Digital Assets
Vulnerability Assessment and Penetration Testing: Safeguarding Digital AssetsVulnerability Assessment and Penetration Testing: Safeguarding Digital Assets
Vulnerability Assessment and Penetration Testing: Safeguarding Digital Assets
 
PACE-IT, Security+3.7: Overview of Security Assessment Tools
PACE-IT, Security+3.7: Overview of Security Assessment ToolsPACE-IT, Security+3.7: Overview of Security Assessment Tools
PACE-IT, Security+3.7: Overview of Security Assessment Tools
 
Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentation
 
USPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementUSPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability Management
 
What is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdfWhat is the process of Vulnerability Assessment and Penetration Testing.pdf
What is the process of Vulnerability Assessment and Penetration Testing.pdf
 
Software security testing
Software security testingSoftware security testing
Software security testing
 
Penetration Testing Guide
Penetration Testing GuidePenetration Testing Guide
Penetration Testing Guide
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
 
A Brief Introduction to Penetration Testing
A Brief Introduction to Penetration TestingA Brief Introduction to Penetration Testing
A Brief Introduction to Penetration Testing
 
Vulnerability and Penetration Testing
Vulnerability and Penetration TestingVulnerability and Penetration Testing
Vulnerability and Penetration Testing
 
A Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration TestingA Comparative Study between Vulnerability Assessment and Penetration Testing
A Comparative Study between Vulnerability Assessment and Penetration Testing
 

Recently uploaded

Personalisation of Education by AI and Big Data - Lourdes Guàrdia
Personalisation of Education by AI and Big Data - Lourdes GuàrdiaPersonalisation of Education by AI and Big Data - Lourdes Guàrdia
Personalisation of Education by AI and Big Data - Lourdes Guàrdia
EADTU
 
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
EADTU
 
SPLICE Working Group: Reusable Code Examples
SPLICE Working Group: Reusable Code ExamplesSPLICE Working Group: Reusable Code Examples
SPLICE Working Group: Reusable Code Examples
Peter Brusilovsky
 
SURVEY I created for uni project research
SURVEY I created for uni project researchSURVEY I created for uni project research
SURVEY I created for uni project research
CaitlinCummins3
 

Recently uploaded (20)

Personalisation of Education by AI and Big Data - Lourdes Guàrdia
Personalisation of Education by AI and Big Data - Lourdes GuàrdiaPersonalisation of Education by AI and Big Data - Lourdes Guàrdia
Personalisation of Education by AI and Big Data - Lourdes Guàrdia
 
The Story of Village Palampur Class 9 Free Study Material PDF
The Story of Village Palampur Class 9 Free Study Material PDFThe Story of Village Palampur Class 9 Free Study Material PDF
The Story of Village Palampur Class 9 Free Study Material PDF
 
ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH FORM 50 CÂU TRẮC NGHI...
ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH FORM 50 CÂU TRẮC NGHI...ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH FORM 50 CÂU TRẮC NGHI...
ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH FORM 50 CÂU TRẮC NGHI...
 
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
 
SPLICE Working Group: Reusable Code Examples
SPLICE Working Group: Reusable Code ExamplesSPLICE Working Group: Reusable Code Examples
SPLICE Working Group: Reusable Code Examples
 
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
 
AIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptAIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.ppt
 
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
 
OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsOSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & Systems
 
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdfFICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
 
An overview of the various scriptures in Hinduism
An overview of the various scriptures in HinduismAn overview of the various scriptures in Hinduism
An overview of the various scriptures in Hinduism
 
PSYPACT- Practicing Over State Lines May 2024.pptx
PSYPACT- Practicing Over State Lines May 2024.pptxPSYPACT- Practicing Over State Lines May 2024.pptx
PSYPACT- Practicing Over State Lines May 2024.pptx
 
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjj
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjjStl Algorithms in C++ jjjjjjjjjjjjjjjjjj
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjj
 
ANTI PARKISON DRUGS.pptx
ANTI PARKISON DRUGS.pptxANTI PARKISON DRUGS.pptx
ANTI PARKISON DRUGS.pptx
 
male presentation...pdf.................
male presentation...pdf.................male presentation...pdf.................
male presentation...pdf.................
 
e-Sealing at EADTU by Kamakshi Rajagopal
e-Sealing at EADTU by Kamakshi Rajagopale-Sealing at EADTU by Kamakshi Rajagopal
e-Sealing at EADTU by Kamakshi Rajagopal
 
SURVEY I created for uni project research
SURVEY I created for uni project researchSURVEY I created for uni project research
SURVEY I created for uni project research
 
Đề tieng anh thpt 2024 danh cho cac ban hoc sinh
Đề tieng anh thpt 2024 danh cho cac ban hoc sinhĐề tieng anh thpt 2024 danh cho cac ban hoc sinh
Đề tieng anh thpt 2024 danh cho cac ban hoc sinh
 
Improved Approval Flow in Odoo 17 Studio App
Improved Approval Flow in Odoo 17 Studio AppImproved Approval Flow in Odoo 17 Studio App
Improved Approval Flow in Odoo 17 Studio App
 
UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024
 

Introduction to Penetration Testing - By Cyber Expert Amish Patel - 8690029004

  • 1. Penetration Testing Introduction and Techniques : csivvn : csi_vvn : csi_vvn
  • 2. Topics Covered  Introduction of Penetration Testing  Need of Penetration Testing  How is Penetration Testing Beneficial?  Security Audits Vs Vulnerability Assessment Vs Pen Test  Types of Penetration testing  Phases of Penetration Testing  Steps of Penetration Testing Method  Security Testing Methodology : csivvn : csi_vvn : csi_vvn
  • 3. Penetration Testing - Introduction  Penetration testing is a type of security testing that is used to test the insecurity of an application. It is conducted to find the security risk which might be present in the system.  If a system is not secured, then any attacker can disrupt or take authorized access to that system. Security risk is normally an accidental error that occurs while developing and implementing the software. For example, configuration errors, design errors, and software bugs, etc. : csivvn : csi_vvn : csi_vvn
  • 4. Need of Penetration Testing  Penetration testing normally evaluates a system’s ability to protect its networks, applications, endpoints and users from external or internal threats. It also attempts to protect the security controls and ensures only authorized access.  Penetration testing is essential because : −  It identifies a simulation environment i.e., how an intruder may attack the system through white hat attack.  It helps to find weak areas where an intruder can attack to gain access to the computer’s features and data.  It supports to avoid black hat attack and protects the original data.  It estimates the magnitude of the attack on potential business.  It provides evidence to suggest, why it is important to increase investments in security aspect of technology : csivvn : csi_vvn : csi_vvn
  • 5. How is Penetration Testing Beneficial?  Enhancement of the Management System − It provides detailed information about the security threats. In addition to this, it also categorizes the degree of vulnerabilities and suggests you, which one is more vulnerable and which one is less. So, you can easily and accurately manage your security system by allocating the security resources accordingly.  Avoid Fines − Penetration testing keeps your organization’s major activities updated and complies with the auditing system. So, penetration testing protects you from giving fines.  Protection from Financial Damage − A simple breach of security system may cause millions of dollars of damage. Penetration testing can protect your organization from such damages.  Customer Protection − Breach of even a single customer’s data may cause big financial damage as well as reputation damage. It protects the organizations who deal with the customers and keep their data intact.  Penetration testing is a combination of techniques that considers various issues of the systems and tests, analyzes, and gives solutions. It is based on a structured procedure that performs penetration testing step-by-step. : csivvn : csi_vvn : csi_vvn
  • 6. Security Audits  A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria. A thorough audit typically assesses the security of the system's physical configuration and environment, software, information handling processes, and user practices. Security audits are often used to determine regulatory compliance, in the wake of that specifies how organizations must deal with information. : csivvn : csi_vvn : csi_vvn
  • 7. Vulnerability Assessment  A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately. : csivvn : csi_vvn : csi_vvn
  • 8. Pen Test  Penetration testing is a combination of techniques that considers various issues of the systems and tests, analyzes, and gives solutions. It is based on a structured procedure that performs penetration testing step-by-step. : csivvn : csi_vvn : csi_vvn
  • 9. Types of Penetration testing  The type of penetration testing normally depends on the scope and the organizational wants and requirements. This chapter discusses about different types of Penetration testing. It is also known as Pen Testing.  Following are the important types of pen testing :- Pen Test White Box Penetration testing Black Box Penetration testing Grey Box Penetration testing : csivvn : csi_vvn : csi_vvn
  • 10. White Box Penetration testing  This is a comprehensive testing, as tester has been provided with whole range of information about the systems and/or network such as Schema, Source code, OS details, IP address, etc. It is normally considered as a simulation of an attack by an internal source. It is also known as structural, glass box, clear box, and open box testing.  White box penetration testing examines the code coverage and does data flow testing, path testing, loop testing, etc.  Advantages of White Box Penetration Testing  It ensures that all independent paths of a module have been exercised.  It ensures that all logical decisions have been verified along with their true and false value.  It discovers the typographical errors and does syntax checking.  It finds the design errors that may have occurred because of the difference between logical flow of the program and the actual execution. : csivvn : csi_vvn : csi_vvn
  • 11. Black Box Penetration testing  In black box penetration testing, tester has no idea about the systems that he is going to test. He is interested to gather information about the target network or system. For example, in this testing, a tester only knows what should be the expected outcome and he does not know how the outcomes arrives. He does not examine any programming codes.  Advantages of Black Box Penetration Testing  Tester need not necessarily be an expert, as it does not demand specific language knowledge  Tester verifies contradictions in the actual system and the specifications  Test is generally conducted with the perspective of a user, not the designer  Disadvantages of Black Box Penetration Testing  Particularly, these kinds of test cases are difficult to design.  Possibly, it is not worth, incase designer has already conducted a test case.  It does not conduct everything. : csivvn : csi_vvn : csi_vvn
  • 12. Grey Box Penetration testing  In this type of testing, a tester usually provides partial or limited information about the internal details of the program of a system. It can be considered as an attack by an external hacker who had gained illegitimate access to an organization's network infrastructure documents.  Advantages of Grey Box Penetration Testing  As the tester does not require the access of source code, it is non-intrusive and unbiased  As there is clear difference between a developer and a tester, so there is least risk of personal conflict  You don’t need to provide the internal information about the program functions and other operations : csivvn : csi_vvn : csi_vvn
  • 13. Phases of Penetration Testing  Penetration Testing Includes Three Phases :- : csivvn : csi_vvn : csi_vvn
  • 14. Steps of Penetration Testing Method  The following are the seven steps of penetration testing :- : csivvn : csi_vvn : csi_vvn
  • 15. Planning & Preparation  Planning and preparation starts with defining the goals and objectives of the penetration testing.  The client and the tester jointly define the goals so that both the parties have the same objectives and understanding. The common objectives of penetration testing are :−  To identify the vulnerability and improve the security of the technical systems.  Have IT security confirmed by an external third party.  Increase the security of the organizational/personnel infrastructure. : csivvn : csi_vvn : csi_vvn
  • 16. Reconnaissance  Reconnaissance includes an analysis of the preliminary information.  Many times, a tester doesn’t have much information other than the preliminary information, i.e., an IP address or IP address block.  The tester starts by analyzing the available information and, if required, requests for more information such as system descriptions, network plans, etc. from the client.  This step is the passive penetration test, a sort of. The sole objective is to obtain a complete and detailed information of the systems. : csivvn : csi_vvn : csi_vvn
  • 17. Discovery  In this step, a penetration tester will most likely use the automated tools to scan target assets for discovering vulnerabilities. These tools normally have their own databases giving the details of the latest vulnerabilities. However, tester discover  Network Discovery − Such as discovery of additional systems, servers, and other devices.  Host Discovery − It determines open ports on these devices.  Service Interrogation − It interrogates ports to discover actual services which are running on them. : csivvn : csi_vvn : csi_vvn
  • 18. Analyzing Information and Risks  In this step, tester analyzes and assesses the information gathered before the test steps for dynamically penetrating the system. Because of larger number of systems and size of infrastructure, it is extremely time consuming. While analyzing, the tester considers the following elements :−  The defined goals of the penetration test.  The potential risks to the system.  The estimated time required for evaluating potential security flaws for the subsequent active penetration testing.  However, from the list of identified systems, the tester may choose to test only those which contain potential vulnerabilities. : csivvn : csi_vvn : csi_vvn
  • 19. Active Intrusion Attempts  This is the most important step that has to be performed with due care.  This step entails the extent to which the potential vulnerabilities that was identified in the discovery step which possess the actual risks.  This step must be performed when a verification of potential vulnerabilities is needed. For those systems having very high integrity requirements, the potential vulnerability and risk needs to be carefully considered before conducting critical clean up procedures. : csivvn : csi_vvn : csi_vvn
  • 20. Final Analysis  This step primarily considers all the steps conducted (discussed above) till that time and an evaluation of the vulnerabilities present in the form of potential risks.  Further, the tester recommends to eliminate the vulnerabilities and risks. Above all, the tester must assure the transparency of the tests and the vulnerabilities that it disclosed. : csivvn : csi_vvn : csi_vvn
  • 21. Report Preparation  Report preparation must start with overall testing procedures, followed by an analysis of vulnerabilities and risks. The high risks and critical vulnerabilities must have priorities and then followed by the lower order.  However, while documenting the final report, the following points needs to be considered −  Overall summary of penetration testing.  Details of each step and the information gathered during the pen testing.  Details of all the vulnerabilities and risks discovered.  Details of cleaning and fixing the systems.  Suggestions for future security. : csivvn : csi_vvn : csi_vvn
  • 22. Security Testing Methodology  Lets surf Online… : csivvn : csi_vvn : csi_vvn
  • 23. Thanks to All Any Query? Call : +91.9099082532 : csivvn : csi_vvn : csi_vvn Like/Follow for Notification of Latest Cyber Security & Technology's Update.