Penetration Testing

A penetration testing methodology is a documented guide for pen-testers on how to complete the pen-testing process successfully. There is a wide range of methodologies and frameworks available. Each has unique characteristics and takes a distinct approach to penetration testing. All factors considered, it is important to apply a methodology that is suitable for each enterprise and institute to achieve the maximum efficiency.
The following table compares two methodologies:
Open Source Security Testing Methodology Manual (OSSTMM) | Information Systems Security Assessment Framework (ISSAF)
OSSTMM, as the name implies, is a free manual used to conduct security testing in a thorough and repeatable manner. This comprehensive document is
Maintaining Access includes obtaining rights through a backdoor.
9. Cover the Tracks includes deletion of penetration tracks and log information.
Phase 3 Reporting, Clean-up and Destroy Artefacts
Phase 3 includes producing a report describing the results of the tests as well as reviews and recommendations for improvement.
All information that is created and/or stored on the tested systems should be removed from these systems.
ISSAF is well known for the value it provides in assessing existing security controls and for linking its tasks to one another. For a beginner pen-tester it is a goldmine; trained pen-testers, however, will probably want to turn to the OSSTMM, another methodology that gives fewer examples and more bullet lists to keep the content to a smaller volume [1].
Phase 0 Planning and preparation
Planning and preparation are crucial, as they include understanding the scope and objective of the penetration test as well as its timing and duration. A clear objective is essential prior to conducting the test. The timing is important to ensure that the test does not disrupt the normal business and everyday operations of the organisation.

Phase 1 Intelligence
With the aid of the internet, information can be found that helps narrow the scope of activities and provides some insight. Simply visiting the target organisation’s web page reveals a lot of information.
Network enumeration includes identifying the target’s domain information. The Whois tool is a great way to find the target’s domain information and network details, including IP addresses and points of contact.
DNS interrogation includes interrogating the DNS server of the target organisation to identify the number of servers, as well as the server names and mail server. Nslookup is a great tool for the job.
Network reconnaissance includes identifying whether the target system is alive. Ping is a great tool for small to medium-sized networks. For larger networks, Fping is highly recommended as it is much faster than Ping. Traceroute is another great tool to use. It helps identify access control devices such as application-based firewalls or packet-filtering routers.
Port scanning: scanning is used to identify which ports are open and determine what services are available. Port scanning is like knocking on various doors and windows of a house and seeing who answers [5]. One of the best port scanning tools is Nmap. It scans for both the TCP ports and UDP
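
Seen from the defender's side, the host discovery and port scanning described above leave a recognisable pattern in firewall logs: one source touching many hosts, or many ports on one host, within a short time. The following is an added example, not part of the original essay; the log format, addresses, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: time, source, destination, protocol, port, action
SAMPLE_LOG = """\
2024-05-01T10:00:01 198.51.100.7 192.0.2.10 TCP 21 DENY
2024-05-01T10:00:01 198.51.100.7 192.0.2.10 TCP 22 ALLOW
2024-05-01T10:00:02 198.51.100.7 192.0.2.10 TCP 25 DENY
2024-05-01T10:00:03 198.51.100.7 192.0.2.10 UDP 53 DENY
2024-05-01T10:00:03 198.51.100.7 192.0.2.10 TCP 80 ALLOW
2024-05-01T10:00:05 203.0.113.9 192.0.2.10 ICMP - ALLOW
2024-05-01T10:00:05 203.0.113.9 192.0.2.11 ICMP - ALLOW
2024-05-01T10:00:06 203.0.113.9 192.0.2.12 ICMP - DENY
2024-05-01T10:00:06 203.0.113.9 192.0.2.13 ICMP - DENY
2024-05-01T10:03:00 192.0.2.50 192.0.2.10 TCP 443 ALLOW
2024-05-01T10:09:00 192.0.2.50 192.0.2.10 TCP 80 ALLOW
"""

def parse(log):
    """Yield (time, src, dst, proto, port) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 6:  # skip malformed lines rather than guess
            ts, src, dst, proto, port, _action = parts
            yield datetime.fromisoformat(ts), src, dst, proto, port

def detect(log, window=timedelta(seconds=60), min_ports=5, min_hosts=4):
    """Flag per-source port scans and host sweeps inside one time window."""
    by_src = defaultdict(list)
    for event in sorted(parse(log)):
        by_src[event[1]].append(event)
    findings = defaultdict(set)
    for src, events in by_src.items():
        for i, first in enumerate(events):  # window starting at each event
            ports, hosts = defaultdict(set), set()
            for t, _, dst, proto, port in events[i:]:
                if t - first[0] > window:
                    break
                hosts.add(dst)
                if port != "-":  # ICMP carries no port
                    ports[dst].add((proto, port))
            if any(len(p) >= min_ports for p in ports.values()):
                findings[src].add("port scan")
            if len(hosts) >= min_hosts:
                findings[src].add("host sweep")
    return dict(findings)

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

The third source in the sample reaches two ports several minutes apart and is not flagged, which is why the time window and thresholds need tuning against normal traffic before alerting on them.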
