Everything You Need To Know About Penetration Testing .pdf
Original filename: Everything You Need To Know About Penetration Testing.pdf
Title: PowerPoint Presentation
Author: Malti Nirankari
This PDF 1.5 document has been generated by Microsoft® PowerPoint® 2013, and has been sent on pdf-archive.com on 13/06/2018 at 15:42, from IP address 207.244.x.x.
The current document download page has been viewed 71 times.
File size: 550 KB (7 pages).
Privacy: public file
Download original PDF file
Everything You Need To Know
About Penetration Testing
Penetration Testing is a proactive measure to assess the
security of an IT infrastructure.
It is prepared by trying to exploit system vulnerabilities like
OS, application defects, dangerous end-user behaviour and
Penetration testing for a web application is a security
mechanism of an IT infrastructure, which gets tested with
These tests are managed by using physical or
computerized technologies, by methodically challenging
network devices, wireless networks, web applications,
endpoints, and servers.
Once a particular system has been successfully exploited
the compromised system might be used to launch further
exploits in other internal resources, hence trying to
achieve deeper access in the system, while trying to
achieve higher levels of security.
The elementary purpose of penetration testing service providers is to
check the security as well as usability of systems and evaluate
consequences associated with its usage.
Web application penetration testing should be routinely carried out
by a firm in order to make sure secure and safe functioning of web
What Are The Possible Causes Of Vulnerabilities?
Errors that may be caused during design and development phase
Incorrect system configuration
Advantages Of Penetration Testing:
Effectively take care of susceptibilities
Reduces the cost associated with the network downtime
Meet regulatory demands and curb fines
Capability to maintain a positive image of the organization
Assess network efficiency
Upgrading existing infrastructure may lead to vulnerabilities which can
be identified by pen testing.
A pen tester scans the target machine in order to find the weakness in the systems. The 2 main activities of the
scanning phase are port scanning and vulnerability scanning.
Port scanning helps to identify a list of opened ports in the target and based on the list of ports you can
determine what kinds of services are running in the system.
At the end of port scan you will have the
• Number and kind of opened ports
• Kind of services running on the servers
• Vulnerabilities of the services and software
if you are looking for a free vulnerability
scanner, you can use expose community
edition from rapid7.
If you have any doubt about which tool to
apply for scanning, use Nmap. This tool
generates a complete list of opened ports in
your target. You can use it both in Windows
and Linux environment.
Once you find the list of open ports, the next step is to start looking for a vulnerability in the servers. One of the
efficient tools to vulnerability scan is Nessus. Remember that Nessus is not a free tool.You can also find best
penetration testing service providers via various online resources.
The graphical interface for Windows is called Zenmap, which you can run without learning any command. But,
for greater control and granularity for the output, you need to learn the commands.
Category: Vulnerability Scanner
OpenVAS is a vulnerability scanner that was forked from the last free version of Nessus after that tool went
proprietary in 2005. The free version of Nessus today only works in non-enterprise environments. For security
audit purposes, Nessus remains a popular vulnerability scanner, however, program scans now require a license
fee of about $3,000 a year.