A penetration test, also known as a pentest, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The test identifies both weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, and strengths, enabling a full risk assessment to be completed.
Types of Web Penetration Testing
Web applications can be penetration tested in 2 ways. Tests can be designed to simulate an inside or an outside attack.
1) Internal Penetration Testing –
As the name suggests, the internal pen testing is done within the organization over the LAN, hence it includes testing web applications hosted on the intranet.
This helps in finding out if there could be vulnerabilities which exist within the corporate firewall.
We always believe attacks can happen only externally, and many a time the internal pentest is overlooked or not given much importance.
Basically, it includes malicious employee attacks by disgruntled employees or contractors who have resigned but are still aware of the internal security policies and passwords, social engineering attacks, simulation of phishing attacks, and attacks using user privileges or misuse of an unlocked terminal.
2) External Penetration Testing –
These are attacks done externally from outside the organization and include testing web applications hosted on the internet.
Testers behave like hackers who aren’t much aware of the internal system.
To simulate such attacks, testers are given the IP of the target system and are not provided any other information. They are required to search and scan public web pages, find out information about target hosts, and then compromise the hosts they find.
Basically, it includes testing servers, firewalls, and IDS.
Five Phases of Penetration Testing
1. Reconnaissance - The act of gathering important information on a target system. This information can be used to better attack the target. For example, open source search engines can be used to find data that can be used in a social engineering attack.
2. Scanning - Uses technical tools to further the attacker's knowledge of the system. For example, Nmap can be used to scan for open ports.
3. Gaining Access - Using the data gathered in the reconnaissance and scanning phases, the attacker can use a payload to exploit the targeted system. For example, Metasploit can be used to automate attacks on known vulnerabilities.
4. Maintaining Access - Maintaining access means taking the steps needed to remain persistently within the target environment in order to gather as much data as possible.
5. Covering Tracks - The attacker must clear any trace of the compromise of the victim system, including any data gathered and log events, in order to remain anonymous.
3 Best Penetration Testing Software
1. BTS Pentesting Lab
2. OWASP Bricks
3. OWASP BWAP
Importance and the need for Web App Pen Testing:
1. A pentest helps in identifying unknown vulnerabilities.
2. Helps in checking the effectiveness of the overall security policies.
3. Helps in testing the components exposed publicly, like firewalls, routers, and DNS.
Lets users find out the most vulnerable route through which an attack can be made.
4. Helps in finding the loopholes which can lead to theft of sensitive data.
If you look at the current market demand, there has been a sharp increase in mobile usage, which is becoming a major potential avenue for attacks. Accessing websites through mobile devices is prone to more frequent attacks and hence to compromise of data.
Penetration Testing thus becomes very important in ensuring we build a secure system which can be used by users without any worries of hacking or data loss.
Web Penetration Testing Methodology
The methodology is nothing but a set of security industry guidelines on how the testing should be conducted. There are some well-established and famous methodologies and standards which can be used for testing, but since each web application demands different types of tests to be performed, testers can create their own methodologies by referring to the standards available in the market.
Some of the Security Testing Methodologies and standards are –
- OWASP (Open Web Application Security Project)
- OSSTMM (Open Source Security Testing Methodology Manual)
- PTF (Penetration Testing Framework)
- ISSAF (Information Systems Security Assessment Framework)
- PCI DSS (Payment Card Industry Data Security Standard)