Penetration testing is a type of testing performed to discover any potential security breaches in the software before any hacker does it. This type of testing is used on a computer network system to check the security vulnerabilities that a attacker could exploit. Penetration testing is also called as Pen testing or ethical hacking.
Penetration testing is performed manually or automated with any software testing tools. This process involves information gathering about the target and identifying the possible entry points, making an attempt to break in and reporting back the errors which are targeted. The main objective of penetration testing is to identify the security weakness. It is used in an organisation to check the security features and its adherence to compliance with requirements.
Penetration testing is also called as white hat attacks because in a pen tests, the hackers are breaking into the software security. The primary goal of pen testing is to identify all weak spots in an organisation’s security posture. Although the security policy focuses on preventing the attack on an enterprise’s system the policy may not include a process to dismiss the hacker. The penetration testing should run whenever the organisation:
- Adds a new network or application software
- Makes some important upgrades to its application systems or infrastructures
- Establishes offices in new locations or shifts the office to some other locations.
- Applies security patches
- Modifies some end user policies
Penetration testing often use some automated tools to avoid the vulnerabilities. This testing tool examines the data encryption techniques and can identify hard coded values such as usernames and passwords. Some of the open source pen testing tools include:
The met spoilt project: It is an open source project from Rapid 7. It collects penetration tools which can be used for servers, web based applications. It can be used to uncover the security issues, to verify vulnerabilities and to manage security issues.
The port scanner: It scans all systems and the networks for vulnerabilities linked to open ports.
Wire shark: It is a tool for profiling the network traffic and for analysing the network packets.
John the Ripper: It uses different password crackers into package, the pen testers use these tools to find the attacks regarding password weakness in system databases.
- What is penetration testing? What are its advantages?