Penetration Testing: Definition, Phases and Types

What is Penetration Testing?

A simulated cyber attack performed on a computer system to check for exploitable vulnerabilities is called penetration testing or simply pen testing. Through regular penetration testing, we can discover new vulnerabilities in the system that are missed or omitted during a vulnerability assessment. Also, this helps the organization to set up a more secure computer and network system in the working ecosystem.

Phases of penetration testing

Phases of penetration testing

1. Planning and Reconnaissance

This phase includes gathering information about the target system through public and private sources like networks, domain names, mail servers, etc. This helps the pen testers to get preliminary information about the target system.

2. Scanning

In this phase, pen testers use various tools to examine the target system vulnerabilities. Pen testers can scan the application's code in a running state and how it behaves during testing.

3. Gaining access

In this phase, pen testers use web application attacks such as XSS attacks, SQL injection, etc. to unmask target vulnerabilities. Testers then try to exploit these vulnerabilities by stealing data, intercepting traffic, deleting data, or simply damaging systems applications.

4. Maintaining access

After gaining access to the system, pen testers maintain this access in this phase to accomplish their goals of exfiltrating data, modifying it, abusing functionality, etc.

5. Analysis 

The results of the penetration testing are finally compiled into a report stating the exploited vulnerabilities, sensitive data breached and the amount of time the pen tester was able to remove the vulnerabilities from the system.

Types of Penetration Testing

1. Web Testing

In this penetration testing, web application vulnerabilities are exploited and security gaps are checked.

2. Network Testing

In this type of penetration testing, vulnerabilities in public and private networks are exploited. This can happen due to SSL certificate issues, HTTP protocol, etc.

3. IoT Testing

In this type of penetration testing, vulnerabilities in various IoT devices like T.V, A.C, etc are exploited.

4. Cloud Testing

In this type of penetration testing, vulnerabilities in cloud servers and workstations are exploited through remote access.

Popular Posts

Conducting Polymers: Definition, Examples, Properties and Applications

Image
What are Conducting Polymers? As the name suggests organic polymers that conduct electricity are known as conducting polymers. They are also known as intrinsically conducting polymers (ICPs) and they have alternating single and double bonds along the polymer backbone (conjugated bonds) or that are composed of aromatic rings such as Phenylene, naphthalene, anthracene, pyrrole, and thiophene which are connected through carbon-carbon single bonds. Examples: Polyacetylene, Polypyrrole, Polyaniline, etc What is the reason behind conducting nature of these polymers? Conducting polymers comes in two forms that are doped conducting polymers and non-doped conducting polymers. The conductivity of non-doped conjugated polymers is due to the existence of a conductivity band similar to a metal. In a conjugated polymer, three of the four valence electrons form strong sigma bonds through sp² hybridization where electrons are strongly localized. The remaining unpaired electron of each carbon atom re
Read more

Crime Scene: Definition, Types and Characteristics

Image
What is a Crime Scene ? A place where the crime is committed or where the maximum physical evidence related to crime is found is known as a crime scene. A crime scene is a starting point of the investigation which provides information about the suspect and the victim. This helps to reconstruct the crime and fast resolution of the case. It is noted that the crime scene is not limited to a single place but may extend to a wider area depending upon the nature of the crime committed. For example, In a murder case where murder is done at one place and the body is disposed on another place. In this case, we have two crime scenes that give information about the crime. Types of Crime Scene Based on evidence found on the crime scene: 1. Primary Crime Scene The crime scene where the actual crime occurred or where more usable pieces of evidence were found is known as the primary crime scene. For example, A murder scene, theft, assault, etc. 2. Secondary Crime Scene The crime scene which is some
Read more

Raman Spectroscopy: Principle, Instrumentation and Applications

Image
What is Raman Spectroscopy? Raman spectroscopy was given by an Indian Physicist Sir C.V Raman , which is based on inelastic scattering of monochromatic light with the sample. The resulting light will have a different frequency than incident light due to this inelastic scattering.  This technique is widely used to analyze vibrational, rotational, and other low-frequency interactions in the molecule. This significantly helps in the elucidation of molecular structure, identifying functional groups, etc. Principle of Raman Spectroscopy Raman spectroscopy is based on the inelastic scattering of electromagnetic radiation with the molecule. We have two types of scattering that are elastic and inelastic scattering.  Elastic scattering obeys the Rayleigh law that states that there will be no loss of energy and momentum of the incidence radiation and scattered radiation. That's why this scattering is also known as Rayleigh scattering. Whereas, there will be some conditions (1 in million
Read more