Conducting a Penetration Test on an Organization Essay

5625 Words Jan 5th, 2016 23 Pages
Interested in learning more about security?

SANS Institute
InfoSec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.

Conducting a Penetration Test on an Organization
This document is decided to give readers an outlook on how a penetration test can be successfully done on an organization. A methodology has been drawn out in this document to allow readers to be acquainted with the process that penetration testers go through to conduct a penetration test.


Copyright SANS Institute
Author Retains Full Rights

Conducting a Penetration Test on an Organization



What is a Penetration Test?


fu ll r
…show more content…
fu ll r igh ts.

What is a Penetration Test?




Penetration tests are a great way to identify vulnerabilities that exists in a system or network that has an existing security measures in place. A penetration test usually
Key involves the= use of FA27 2F94methods conducted by trusted individuals that are fingerprint AF19 attacking 998D FDB5 DE3D F8B5 06E4 A169 4E46 similarly used by hostile intruders or hackers. Depending on the type of test that is conducted, this may involve a simple scan of an IP addresses to identify machines that are offering services with known vulnerabilities or even exploiting known vulnerabilities that exists in an unpatched operating system. The results of these tests or attacks are then documented and presented as report to the owner of the system and the vulnerabilities identified can then be resolved.






Bear in mind that a penetration test does not last forever. Depending on the organization conducting the tests, the time frame to conduct each test varies. A penetration test is basically an attempt to breach the security of a network or system and is not a full security audit. This means that it is no more than a view of a system’s security at a single moment in time. At this time, the known vulnerabilities, weaknesses or misconfigured systems have not changed within the time frame the

Related Documents