Header Ads

  • Cybersecurity

    What is Penetration Testing? (for hackers)

    Ethical hackers are motivated by different reasons, but their purpose is to find and cover up vulnerabilities and cover them up They’re also trying to determine what an intruder can see on a targeted network or system, and
    how crackers gain access into the computer to get information or subdue information . 

    When a White hat hacker runs check up, testing the security of a system or 
    network is known as a PENETRATION TEST.

    The reasons why Penetration testing is done is to minimize the risk of Computer System Attacks,
    also fairly well-known tricks that exploit common weaknesses in the security

    Penetration Testing is the act whereby vulnerability check is being run on a system to discover possible vulnerabilities to be encountered.

    Hackers break into computer systems because of a great deal of study in the flaws discovered on a network,  this enable them to be able to carry out malicious activitievs on a website or targeted devices.

    Usually,  an hacker doesn't need to be too brilliant to hack into a network system, it's often mistaken by people to think hackers are very intelligent an hacker works with patience and persistence, during this process an hacker had already gotten an handful information about their target, this can be done via the internet or Social Engineering.

    Penetration testing makes it  possible to be able to detect loop holes or backdoors which an hacker or cracker is likely to gain access into.

    These are types and Terms Associated with Pen Testing .

    Application Penetration Testing

    This is a process whereby an hacker uses its approach to identify application layer such as Cross site 
    forgery, cross site scripting, injection flaws, Insecure Object Reference and weak session management.


    Network Penetration Testing

    This lay it focus on Network vulnerability and flaws this includes, wireless network flaws, 
    misconfiguration, weak password and protocols.


    Physical Penetration Testing.

    This process lay its focus on Physical intrusion systems, camera flaws, alarm system, transducer and 
    more.

    Pen. Testing can also be done on the workers, majority of possible hacks we find today comes from 
    Physical Penetration vulnerabilities, an hacker looks into a system and he tries to attack by discovering 
    your weakest flaws. This can be done also by running a check on the workers or staff of the company.


    IoT/ Device Penetration Testing

    This also aims at discovering device flaws, Weak passwords, misconfiguration, communication system 
    flaws and more.


    Terms Associated with Pen testing.

    Information gathering: is a process of gathering information about your target, this can be through any 
    means, could be done by physical means or by internet.

    Threat Modelling: is the act of identifying and categorizing assets, threats and threats communities

    Vulnerability Analysis: This is an act of discovering or finding flaws in a system using some set of set of tools. 

    Exploitation: this is a process by which an attack is being executed, this can only be done when the 
    needed information is gotten from the target.

    Post- Exploitation: This is an act of determine the act of compromise or considering data or network 
    sensitivity.


    Reporting: this is a report of vulnerabilities found and how you can fix these vulnerabilities.


      No comments