Penetration testing

Question 1

What is penetration testing?

Answer 1

This is testing a organizations resistance to external attacks, by exploiting vulnerabilities in the security systems.

Question 2

What is white box testing?

Answer 2

This is operated as and insider threat, knowing such as platform systems configuration, opearting system, hardware

Question 3

What is black box testing?

Answer 3

This is done by a external threat view less knowledge of the environment and requires recon and discovery, ideally testers should have similar skill levels as the attackers you might have

Question 4

what is gray box testing?

Answer 4

This is middle of the road approach that borrows from both black/white box , this could be done for time constraints, or testing a certain system

Question 5

What are the rules of engagment?

Answer 5

Defines the parameters of the test, scoping of the when and what, also gives a timeline for the test, and lastly when the test will proceed and set the legal concerns. As well as third party concerns

Question 6

Phases of penetration testing

Answer 6

Recon>Initial access>privilege escalation>Pivoting/lateral movement>Maintain persistence>Reporting>Cleanup

Question 7

Penetration testing - cleanup

Answer 7

Closing out penetration test, putting everything back the way it was

Question 8

what are bug bounties?

Answer 8

Its responsible disclosure programs, this is outside testing, and help discover vulnerabilities, and provide incentive to testers