Pentesting Professional Terms Flashcards
To explain some corporate or professional terms a penetration tester will hear on an engagement
What is blackbox penetration testing?
testing with no prior knowledge of the infrastructure, configuration or applications; the tester starts from the position of an external attacker.
What is greybox penetration testing?
testing with partial knowledge, roughly equivalent to what an employee or authenticated user would have (for example a low-privilege account or a network diagram).
What is whitebox penetration testing?
testing done with full access to the application or network, typically including source code, configuration and architecture documentation.
What is application penetration testing?
testing focused specifically on an application such as a web app or an API. Application testers are normally also competent at source code review.
What is network penetration testing?
Network or infrastructure pentesters assess all aspects of a computer network, including networking devices such as routers and firewalls, workstations, servers, and the services running on them.
What is physical penetration testing?
Physical pentesters try to leverage physical security weaknesses and breakdowns in processes to gain access to a facility such as a data center or office building.
What is social engineering penetration testing?
Social engineering pentesters test people rather than systems. Can employees be fooled by phishing, vishing (phishing over the phone), or other scams? Can a social engineering pentester walk up to a receptionist, say "yes, I work here", and get let in?
What is an incident response plan?
A pre-planned series of measures to be taken in the event of a cyber security incident, covering detection, containment, eradication and recovery, and who is responsible for each step.
What is a CSIRT?
computer security incident response team
What is a CISO?
chief information security officer
What is a CTO?
chief technology officer
What is a vulnerability?
A vulnerability is a weakness or bug in an organization's environment that a threat actor (external or internal) could exploit to compromise an asset.
What is CVSS?
The Common Vulnerability Scoring System is a way of representing the severity of a vulnerability numerically. A vulnerability is described by a vector string of base metrics (attack vector, attack complexity, privileges required, user interaction, scope, and confidentiality, integrity and availability impact), and a published formula turns that vector into a base score from 0.0 to 10.0 with a qualitative rating (None, Low, Medium, High, Critical).
What is an exploit?
An exploit is any code, technique or resource that can be used to take advantage of an asset's weakness (its vulnerability).
What is risk?
Risk is the possibility of assets or data being harmed or destroyed by threat actors, usually expressed as the likelihood of a threat exploiting a vulnerability combined with the impact if it does.