
Summary
In this chapter, we have discussed a detailed penetration testing methodology and how it is viewed from the perspectives of the development lifecycle and the risk management process. We have also described the basic terminology of penetration testing, the types of tests, and how the industry's use of the term conflicts with other, similar terms. The key points are summarized below:
- There are two basic types of penetration testing: black-box and white-box. The black-box approach is also known as "external testing", where the auditor has no prior knowledge of the target system. The white-box approach refers to "internal testing", where the auditor is fully aware of the target environment. A combination of the two, in which the auditor has partial knowledge of the target, is known as gray-box testing.
- The basic difference between a vulnerability assessment and a penetration test is that a vulnerability assessment identifies the flaws that exist on a system without measuring their impact, while a penetration test goes a step further and exploits those vulnerabilities in order to evaluate their actual consequences.
- There are a number of security testing methodologies, but very few provide stepwise, consistent instructions for measuring the security of a system or application. We have discussed four such well-known, openly available security assessment methodologies, highlighting their technical capabilities, key features, and benefits. These are the Open Source Security Testing Methodology Manual (OSSTMM), the Information Systems Security Assessment Framework (ISSAF), the Open Web Application Security Project (OWASP), and the Web Application Security Consortium Threat Classification (WASC-TC).
- We have also presented a structured BackTrack testing methodology with a defined process for penetration testing. This process involves a number of steps which have been organized according to the industry approach towards security testing. These include Target Scoping, Information Gathering, Target Discovery, Enumerating Target, Vulnerability Mapping, Social Engineering, Target Exploitation, Privilege Escalation, Maintaining Access, and Documentation and Reporting.
- Finally, we have discussed the ethical view of penetration testing, which must be justified and followed throughout the assessment process. Applying ethical standards at every step of the engagement leads to a successful working relationship between the auditor and the business entity.
The next chapter will guide you through the strategic task of acquiring and managing the information obtained from the client for the penetration testing assignment.