- Feb 26, 2020
What is penetration testing?
- Penetration testing is the process of simulating an attack on a network or system to evaluate the security posture of the system and identify vulnerabilities that can be exploited. This is achieved by simulating various types of attacks on the target network or host.
- The main objective of a pentest is to identify vulnerabilities and document how they can be exploited (POC).
- Penetration testing requires written permission and authorization from the management/top-down authorization model.
- The agreement between an organization and a penetration tester should include the following:
- Scope - What to test
- Timeframe - When to test, and how long the test will take.
Importance of penetration testing
- Testing security controls & policies
- Identifying threats & vulnerabilities
- Compliance and regulation testing & maintenance
- Testing security infrastructure; firewalls, WAF
- Testing new hardware, software or organizational infrastructure
Blue Team & Red Team
- Blue Team - Is a defense team responsible for performing vulnerability assessments and security audits on the company assets and digital infrastructure to identify vulnerabilities and test the effectiveness of security controls. Their primary objective is to defend against attacks and to predict and prevent future ones.
- Red Team - This is an offensive team that simulates attacks on the assets and digital infrastructure of an organization to test the overall security posture and to identify weaknesses and vulnerabilities that can be exploited.
Types of Pentests
- Black-box testing - Is testing that involves zero knowledge or information about the organization's digital infrastructure and or assets. This test is used to assess the overall security posture of an organization, from publicly available information to misconfigurations and social engineering. Black-box testing simulates a real attack scenario and as a result, is extremely comprehensive and granular.
- White-box testing - In this test, the complete digital infrastructure and assets are disclosed to the penetration tester and is primarily used by organizations to test specific sections/areas or to perform a complete security audit.
- Grey-box testing - Involves combining both white and black box testing to simulate attacks from both insiders and outsiders(external threats). Note: Some knowledge of the digital infrastructure is disclosed, not all.
Phases of penetration testing