What Is Penetration Testing ?
Penetration testing which is also known as pen test is a step take by ethical hacker or cyber security expert to find the vulnerability into the system and exploit them with the permission of the system owner. Penetration testing is a process of testing the system, web application, server and network to find the vulnerability either by tools or manually.
Objective Of Penetration Testing
Objective of penetration testing to find security weakness into the network or system. Penetration testing is used to test the system and network of the organization to prevent from the cyber security attack. Penetration testing include Foot printing, Scanning, Finding Vulnerability, Exploiting Vulnerability, Report writing.
Types Of Penetration Testing
Types of Penetration testing depends of the information about the organization.
Black Box Testing
In order simulate real world attacks, Pen Tester choose to under take the Black Box Testing. Black Box Testing refers to zero knowledge about the organization where pen tester don’t know about the organization which refers to real world where attackers have zero information about the target and want to exploit the organization. Black Box Testing is a lengthy process where pen tester have to find every single information about the organization like an attacker to find the vulnerability and exploit them. In Black Box Testing Pen Tester only know about the target name like Organization name and pen tester is suppose to find Every details from the scratch.
White Box Testing
white Box Testing refers to have complete information about the organization. The information is mostly given by the organization itself to pen test the organization with complete information. The information provided by the organization can include Network Topology, Assets, Valuation Information, Company Infrastructure, Network Types, IP Address, Firewall/IDS Details, Company Details etc.
Grey Box Testing
Grey Box Testing include the White and Black Box testing to find vulnerability that an attacker can exploit them. In Grey Box organization prefer to give partial information about the organization which an attacker could find easily like domain name, publicly available information.