PDF Archive

Easily share your PDF documents with your contacts, on the Web and Social Networks.

Send a file File manager PDF Toolbox Search Help Contact


Everything You Need To Know About Penetration Testing .pdf



Original filename: Everything You Need To Know About Penetration Testing.pdf
Title: PowerPoint Presentation
Author: Malti Nirankari

This PDF 1.5 document has been generated by Microsoft® PowerPoint® 2013, and has been sent on pdf-archive.com on 13/06/2018 at 15:41, from IP address 207.244.x.x. The current document download page has been viewed 75 times.
File size: 550 KB (7 pages).
Privacy: public file



Download original PDF file








Document preview


Everything You Need To Know
About Penetration Testing

Penetration Testing is a proactive measure to assess the
security of an IT infrastructure.
It is prepared by trying to exploit system vulnerabilities like
OS, application defects, dangerous end-user behaviour and
incorrect forms.
Penetration testing for a web application is a security
mechanism of an IT infrastructure, which gets tested with
these assessments.
These tests are managed by using physical or
computerized technologies, by methodically challenging
network devices, wireless networks, web applications,
endpoints, and servers.

Once a particular system has been successfully exploited
the compromised system might be used to launch further
exploits in other internal resources, hence trying to
achieve deeper access in the system, while trying to
achieve higher levels of security.

The elementary purpose of penetration testing service providers is to
check the security as well as usability of systems and evaluate
consequences associated with its usage.

Web application penetration testing should be routinely carried out
by a firm in order to make sure secure and safe functioning of web
applications.
What Are The Possible Causes Of Vulnerabilities?
Errors that may be caused during design and development phase
Incorrect system configuration
Human mistakes
Advantages Of Penetration Testing:
Effectively take care of susceptibilities
Reduces the cost associated with the network downtime
Meet regulatory demands and curb fines
Capability to maintain a positive image of the organization
Assess network efficiency
Upgrading existing infrastructure may lead to vulnerabilities which can
be identified by pen testing.

Scanning Tools
A pen tester scans the target machine in order to find the weakness in the systems. The 2 main activities of the
scanning phase are port scanning and vulnerability scanning.

Port scanning helps to identify a list of opened ports in the target and based on the list of ports you can
determine what kinds of services are running in the system.

At the end of port scan you will have the
following information:
• Number and kind of opened ports
• Kind of services running on the servers
• Vulnerabilities of the services and software
Nexpose
if you are looking for a free vulnerability
scanner, you can use expose community
edition from rapid7.
Nmap
If you have any doubt about which tool to
apply for scanning, use Nmap. This tool
generates a complete list of opened ports in
your target. You can use it both in Windows
and Linux environment.

Nessus
Once you find the list of open ports, the next step is to start looking for a vulnerability in the servers. One of the
efficient tools to vulnerability scan is Nessus. Remember that Nessus is not a free tool.You can also find best
penetration testing service providers via various online resources.
The graphical interface for Windows is called Zenmap, which you can run without learning any command. But,
for greater control and granularity for the output, you need to learn the commands.

OpenVAS
Category: Vulnerability Scanner
OpenVAS is a vulnerability scanner that was forked from the last free version of Nessus after that tool went
proprietary in 2005. The free version of Nessus today only works in non-enterprise environments. For security
audit purposes, Nessus remains a popular vulnerability scanner, however, program scans now require a license
fee of about $3,000 a year.


Related documents


PDF Document vulnerability scanning vs penetration testing
PDF Document everything you need to know about penetration testing
PDF Document the best guide for vulnerability scanning
PDF Document online free tools meant for vulnerability scanning
PDF Document six network tools every it department needs
PDF Document relationship between vulnerability and malware scanning


Related keywords