
June 2023
Penetration Testing - A simulated cyber attack
What is a penetration test?
A penetration test, also known as a "pen test", is a simulated cyber attack on a company's software or infrastructure, carried out, for example, to find security gaps or circumvent protective measures. It uses the same tools that a black hat hacker would use. The difference is that pen testers help the company find vulnerabilities and don't exploit them. At the end of a pen test, the pen testing team provides the company with a list of all the vulnerabilities found. The company then takes care of eliminating the gaps itself.
What types of penetration tests are there?
There are a total of 10 different types of penetration tests, which are assigned to two overarching categories: hardware/software tests and social engineering tests.
The hardware/software tests attempt to find security gaps in systems (e.g. web applications or IoT devices), while social engineering tests focus on the company's employees, from whom sensitive information such as passwords or secret documents is to be extracted.
What are the phases of a penetration test?
1. Reconnaissance:
In this phase, information about the target is collected: data about the network, the operating system, the applications and the user accounts.
A distinction is made between active and passive reconnaissance. Passive means that the information is obtained from publicly accessible sources. Active, on the other hand, means that the pen tester interacts directly with the target system.
2. Scanning:
In the scanning phase, the target system's network traffic is examined and all open ports are identified. Hackers can use these ports to launch specific attacks on a system.
3. Vulnerability Assessment:
In phase three, the information from phases one and two is used to find vulnerabilities in the tested system.
4. Exploitation:
In this phase, the pen tester attempts to exploit the vulnerabilities found in order to gain access to the target system.
5. Reporting:
The final phase is creating a document listing all the problems and vulnerabilities found. After the penetration test, the company can use this document to fix the vulnerabilities found.
Advantages of a penetration test
Summary

Author
Sven Hillsman
Advanced Software Developer & Security Expert