What is penetration testing (Ethical Hacking)


Penetration tests (also called pen tests) probe computer systems, networks, or web applications to find vulnerabilities that an attacker could exploit.

Pen tests can be performed with automated software or manually. Either way, the process involves collecting information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (virtually or for real), and reporting the results.

The main purpose of penetration testing is to identify security vulnerabilities. Pen tests can also be used to test an organization's security policy compliance, its employees' security awareness, and the organization's ability to recognize and respond to security events.

Pen tests are sometimes called white hat attacks because, in a pen test, the good guys are the ones trying to break in.

Pen test strategies include the following.

Targeted testing

Targeted testing is performed jointly by the organization's IT team and the penetration testing team. It is sometimes called the "lights turned on" approach, because everyone can see the test being carried out.

External test

This pen test targets externally visible servers or devices, such as Domain Name Servers (DNS), email servers, web servers, and firewalls. Its purpose is to check whether an external attacker can get in and how far the intruder can get once inside.

Internal testing

This test simulates an inside attack, behind the firewall, by an authorized user with standard access rights. It helps estimate how much damage a disgruntled employee could cause.

Blind test

The blind test strategy simulates the behavior and procedures of a real attacker by strictly limiting the information given to the person or team performing the test. Often, they are given only the name of the company. This type of test can take a long time, which can make it expensive.

Double blind test

A double-blind test takes the blind test a step further. In this type of pen test, only one or two people in the organization may know that a test is under way. A double-blind test can be used to test the organization's security monitoring and event recognition, as well as its response procedures.


Image source: https://goo.gl/NZLuWW
