Add to collection(s) Add to saved
  1. No category
Uploaded by Ashley Sosbe

2.1.2 penetration test process and types facts

advertisement 
12/7/22, 11:20 PM
TestOut LabSim
2.1.2 Penetration Test Process and Types Facts
A penetration tester's job is extremely important. Computers and networks are constantly under
attack. To combat these hackers, organizations hire penetration testers.
Penetration testing is the practice of finding vulnerabilities and risks with the purpose of
securing a computer or network system. The terms penetration testing and ethical hacking are
often used interchangeably. However, ethical hacking is an all-embracing term that includes all
hacking methods. Penetration testing is a part of ethical hacking.
This lesson covers the following topics:
Red team vs. blue team
Ethical hacking methodology
Penetration testing life cycle
Penetration testing frameworks
Penetration testing types
Red Team vs. Blue Team
Offensive security specialists are known as the red team, or ethical hackers. The defensive
security specialists are known as the blue team.
Ethical Hacking Methodology
There are five phases in the ethical hacking methodology:
Phase
Performing
reconnaissance
Scanning and
enumeration
Description
In this phase, the hacker begins gathering information about the target. This can
include gathering publicly available information, using social engineering techniques,
or even dumpster diving.
Scanning is a natural extension of reconnaissance. The hacker uses various tools to
gather in-depth information about the network, computer systems, live systems, open
ports, and other features. Extracting information such as usernames, computer names,
network resources, shares, and services is known as enumeration. Enumeration is a
part of the scanning step.
Establishing
access
In this phase, the hacker uses all the information gathered through reconnaissance
and scanning to exploit any vulnerabilities found and gain access.
https://labsimapp.testout.com/v6_0_530/index.html/productviewer/834/2.1.2?__hstc=185476278.6744eef76f12076ea602e0191d43c18f.16695115609…
1/3
12/7/22, 11:20 PM
Maintaining
access
Clearing tracks
TestOut LabSim
Once the hacker has gained access, he can use backdoors, rootkits, or Trojans to
establish permanent access to the system.
The final step in the hacking process is clearing tracks. The hacker overwrites log files
to hide the fact they were ever there.
Penetration Testing Life Cycle
Another methodology is the penetration testing life cycle. The penetration testing life cycle is
almost identical to the ethical hacking process. The steps are:
1. Performing reconnaissance
2. Scanning and enumeration
3. Establishing access
4. Maintaining access
5. Reporting
The only difference is the focus on the documentation of the penetration test. A detailed report
of the tests performed and everything that was discovered is important.
Penetration Testing Frameworks
Multiple penetration testing frameworks have been developed and are be used in appropriate
situations.
Framework
Open Web Application
Security Project (OWASP)
Open Source Security
Testing
Methodology Manual
(OSSTMM)
National Institute of
Standards
and Technology Special
Publication
Description
Describes techniques for testing the most common web applications and
web service security issues.
Attempts to create one accepted method for a thorough security test.
Is a guide to the basic technical aspects of conducting information security
assessments.
800-115 (NIST SP 800-115)
https://labsimapp.testout.com/v6_0_530/index.html/productviewer/834/2.1.2?__hstc=185476278.6744eef76f12076ea602e0191d43c18f.16695115609…
2/3
12/7/22, 11:20 PM
TestOut LabSim
Penetration Testing Types
The following table identifies the different types of penetration tests:
Type
Description
Black
The ethical hacker has no information regarding the target or network. This type of test best
box
White
simulates an outside attack and ignores the insider threats.
The ethical hacker is given full knowledge of the target or network. This test allows for a
box
comprehensive and thorough test, but is not very realistic.
Gray
The ethical hacker is given partial information of the target or network, such as IP configurations
box
or emails lists. This test simulates an insider threat.
Copyright © 2022 TestOut Corporation All rights reserved.
https://labsimapp.testout.com/v6_0_530/index.html/productviewer/834/2.1.2?__hstc=185476278.6744eef76f12076ea602e0191d43c18f.16695115609…
3/3
Related documents
Cybersecurity announcement
Cybersecurity announcement
security plus
security plus
EC-Council - Certified Ethical Hacker v5
EC-Council - Certified Ethical Hacker v5
Group-Reflection-Paper
Group-Reflection-Paper
Inputs on the "Draft guidelines for determination of baseline
Inputs on the "Draft guidelines for determination of baseline
Penetration testing slides
Penetration testing slides
Download
advertisement