A penetration test is the process of evaluating the information security of your IT department. You test your information security system to find any security issues. You should answer two questions to determine what kind of penetration test you will perform: 1) Who is going to be the potential hacker? For example, if you know a disgruntled employee may do it, the test has to be conducted within the walls of the company. 2) What kind of notice will you give your IT people about the testing? I emphasize the following areas when performing a penetration test.
- Planning: This should be the first step of your test. You have to set an objective for the test. Which systems will be tested? How will they be tested? What testing tools will be used? Will the test take place from inside or outside the customer’s network? What does the customer want from the test? These and other objectives must be defined prior to testing.
- Simulate Hacking: The next step is information gathering. You have to pose as an outside hacker who has only the name of the company website. Now, you have to steal as much information as possible from the company website. In other words, you have to break into the network of the company.
- Actual Loopholes: The third step is to do manual testing based on the information gathered. You have to use hackers’ tricks to assess where and why the system goes wrong. Those tricks may include spoofing, network sniffing, Trojan attacks, brute force attacks, etc.
- Social Engineering: A penetration test is not complete without this non-technical process. Sometimes the attacker uses human nature to get access to the network system. This can be direct observation, looking for a password written on a stick-on pad, or talking to different sources until the hacker gets enough information.