Topic 3 Flashcards
An attempt to exploit vulnerabilities to determine whether unauthorized access or other malicious activity is possible
Penetration Testing
Computer System Servers/Networks, Applications Vulnerabilities
Design and implementation
Poor system configuration
Insecure network
System complexity
Human errors - coding errors
Primary purpose of Penetration Testing
To discover vulnerabilities
Test for security compliance
Verify staff awareness
Phases of Penetration Testing
Planning & Reconnaissance
Scanning & Discovery
Exploitation
Risk analysis and Suggestions
Report Generation
Penetration Testing Types
Web Application
Network Services
Social Engineering
Client Side
Types of Penetration Testing Based on Knowledge of Target
Black Box testing
Grey Box Testing
White Box Testing
Zero Knowledge of Target
Black Box testing
Some Knowledge of Target
Grey Box Testing
Full Knowledge of Target
White Box Testing
Types of Penetration Testing Based on Position of Penetration Tester
External Penetration Testing
Internal Penetration Testing
Targeted
Blind Test
D-Blind