Penetration testing attempts to exploit weaknesses or vulnerabilities in systems, networks, human resources, or physical assets in order to stress test the effectiveness of security controls.
The different types of penetration tests include network services, applications, client side, wireless, social engineering, and physical. A penetration test may be performed externally or internally to simulate different attack vectors. Depending on the goals of each test, a penetration tester may or may not have prior knowledge of the environment and systems they’re attempting to breach. These approaches are categorized as black box, white box, and gray box penetration testing.
Video Chapters
------------------------------
00:00 - Introduction
01:08 - What Is Penetration Testing?
02:59 - What Is The Primary Purpose Of Penetration Testing?
04:11 - Reporting On Findings
05:20 - What Are The Different Approaches To Penetration Testing?
05:48 - Black Box Testing
06:44 - White Box Testing
07:56 - Gray Box Testing
09:20 - Network Services
10:34 - Web Applications
13:09 - Client Side
13:50 - Wireless
15:06 - Social Engineering
16:19 - Physical
About The Author
------------------------------
Jason Firch, MBA
Related Videos
------------------------
► What Is Vulnerability Management?
► Common Types Of Network Security Vulnerabilities In 2022
► 7 Data Loss Prevention Best Practices
► The 3 Types Of Security Controls
► Red Team VS Blue Team: What’s The Difference?
► What Is A Security Operations Center?
► Firewall Penetration Testing: Steps, Methods, & Tools
Resources & Links
------------------------------
A Beginner’s Guide To Understanding Penetration Testing
50 Free Information & Cyber Security Policy Templates
What Is A Penetration Test?
A penetration test involves a team of security professionals who actively attempt to break into your company’s network by exploiting weaknesses and vulnerabilities in your systems.
Penetration tests may include any of the following methods:
Using social engineering techniques to access systems and related databases.
Sending phishing emails to access critical accounts.
Using unencrypted passwords shared in the network to access sensitive databases.
These attempts can be far more intrusive than a vulnerability scan and may cause a denial of service or increased system utilization, which may reduce productivity and corrupt machines.
In some cases, you may schedule penetration tests and inform staff in advance of the exercise. However, this wouldn’t be applicable if you want to test how your internal security team responds to a “live” threat.
For example, red team exercises are often performed without informing staff to test real-world threat scenarios.
In this case, it’s important to inform the blue team lead, CISO, or upper-level management of the exercise. This ensures the response scenario is still tested, but with tighter control when/if the situation is escalated.
Regardless of the scenario, you should conduct a penetration test with a specific intent and clearly define your wants and needs with the penetration testing team.
For example, you may have just finished rolling out a new security program for your business and want to test its effectiveness.
A penetration test can determine if certain objectives of the program have been achieved such as maintaining 99.99% availability during an attack, or ensuring data loss prevention (DLP) systems are blocking would-be attackers from exfiltrating data.
#pentesting #PurpleSec #cybersecurity