Vulnerability Scanning And Penetration Testing Flashcards
What is a penetration test?
A security test in which an attempt is made to circumvent security controls in order to discover vulnerabilities and weaknesses
What is Active Reconnaissance?
Testing that involves tools that actually interact with the network and systems in such a manner that their use can be observed.
What is Passive Reconnaissance?
Testing where the use of tools does not provide information to the network or systems under investigation
What are Active Tools?
Tools that interact with a target system in a fashion where their use can be detected
e.g., Nmap and Zenmap
Nmap
Network Mapper (port scanner)
What are Passive Tools?
Tools that do not interact with the system in a manner that would permit detection, as in sending packets or altering traffic
e.g., Tripwire
What is Pivoting?
To move across a network or network traversal
What is Initial Exploitation?
Intended to demonstrate only that a vulnerability is present and exploitable
What is Black Box Testing?
Software-testing technique that consists of finding implementation bugs using malformed/semi-malformed data injection in an automated fashion.
Testers have no knowledge of the internal workings of the software they are testing
External perspective
What is White Box Testing?
Tests the internal structures and processing within an application for bugs, vulnerabilities, and so on
Has detailed knowledge of the application
Internal perspective
What is Gray Box Testing?
A mix of black box and white box testing
Has some knowledge of the software, network, or systems
What is Vulnerability Scanning?
The process of examining your systems and network devices for holes, weaknesses, and issues and finding them before a potential attacker does
What is an Intrusive test?
A test that changes the system state
What is a Non-intrusive test?
A test that does not directly interact with a specific vulnerability
What is a credentialed scan?
A scan determining whether the vulnerabilities exist using a valid set of user credentials