Penetration Testing may be additionally called as pen testing or ethical hacking which is a practice of testing a computing system network or web application to seek out. Security vulnerabilities that an attacker could exploit. Penetration testing will be automated with the software applications or may be performed manually. This process involves gathering information about the target before identifying tests, the available entry points, attempting to break in either virtually or may be for real and reporting back the findings.
Goals of penetration testing:
The main goal of penetration testing is to spot security weaknesses. Penetration testing can also be used to test an organisation’s security policy, its adherence to compliance of requirements, its employees security awareness and the organisation’s ability to identify and respond to security incidents.
Penetration tests are also sometimes called as white hat attack because in a penetration test the good guys are attempting to break in.
The reasons why this testing is important because it identifies the weak spots in an organisation’s security posture as well as measure the compliance of its security policy, test the staff’s awareness of the security issues and to determine whether and how the organisation will be subject to security disasters.
The penetration testing is to enable weakness in a company’s security policies. The security policy focuses on preventing and detecting an attack on an enterprise’s systems that policy may not include a process to expel hacker.
Penetration testing environment setup:
To setup the environment we need three things
- virtual box setup
- Kali Linux setup
- Metasploitable Linux setup.
- Virtual Box – It is best software used for virtualisation; it is available free for Linux, mac and windows.
how to install virtual box in our system?
- Go to the website depending on the operating system type we can download virtual box setup.
- double click the setup and follow the instructions upto finish.
- The virtual box is installed.
- Kali Linux setup
Kali is the most popular operating system which contains thousands of hacking tools used by ethical hackers. Kali is idle for penetration testing, digital forensics, incident response.
Steps to download kali Linux
- Go to KALI website goto downloads click the suitable software.
- we can download any lighter version of kali linux.
- install the software by virtual box open the virtual box click new then drag the software and click install
- Memory size and speed then follow the instructions. Click virtual machine. When you start for first time it asks for the path and location. Set the location and click the file.
- Click install, set the path location, then follow the procedures it will install.
- Metasploitable Linux Setup
Metasploitable Linux is an intentionally vulnerable Linux virtual machine. The VM can be used to conduct security training, test security tools and practice common penetration testing techniques
How to install Metasploitable Linux?
- Go to the website click the download.
- Extract the zip files .
- Click the virtual box click on new and give the name.
- Give the location of the metasploitable file and click start button. it automatically starts all its servers like database servers etc.
- Give the login id and password, then the window is open.