{"id":1379,"date":"2014-08-28T05:17:10","date_gmt":"2014-08-28T05:17:10","guid":{"rendered":"https:\/\/www.happiestminds.com\/blogs\/?p=1379"},"modified":"2024-04-10T09:20:49","modified_gmt":"2024-04-10T09:20:49","slug":"penetration-testing-all-you-need-to-know-to-start-off","status":"publish","type":"post","link":"https:\/\/www.happiestminds.com\/blogs\/penetration-testing-all-you-need-to-know-to-start-off\/","title":{"rendered":"Penetration Testing: All you need to know to start off"},"content":{"rendered":"
<\/div>
\n

If you have been tossing in sleep worrying over data threats and breaches, the thought of penetration testing<\/a> has definitely crossed your mind or bumped your way by now. But do you really know the what\u2019s and how\u2019s of penetration testing, or is it just the buzzword that\u2019s caught a fair bit of your attention. Are you aware on how exactly a Penetration Test fits into your Information Security program?<\/p>\n

Penetration testing provides an in-depth threat and vulnerability analysis<\/a> of your system. As an elaborate exercise, there are certain assessments and understanding that need to be clarified before getting on to it. Pen-tests, or as they are more commonly called, come in three variations:<\/p>\n

    \n
  1. External Pen Test<\/a> \u2013 This covers publicly exposed systems and tests from the perspective of an external hacker. Yes, more than you know, it is possible for hackers to access internal systems and data from the Internet, breaching firewalls.<\/li>\n
  2. Internal Pen Test \u2013This focuses on internally connected systems. It can be a case on an internal attacker or an internal system remotely being used by an external attacker. The danger addressed here is the exposure of internal assets without the perimeter defenses.<\/li>\n
  3. Hybrid Pen Test \u2013 Data attacks these days have become more sophisticated and complex. A hybrid pen test looks at not only internal or external, but a mix of attacks from local and remote vector.<\/li>\n<\/ol>\n

    It is important to note that Pen-Testing is very different from Vulnerability Scanning or an Internal Security Assessment<\/a>. Vulnerability scanning simply looks at identifying vulnerabilities using automated tools and Internal Security Assessment is an intensive audit of the existing security paraphernalia. Pen-Testing on the other hand is a real time simulation of a realistic scenario with real experts. Instead of just looking for potential<\/em> vulnerabilities, Pen-Test gets closer to reality with ethical hacking.<\/p>\n

    What does a Penetration Test address \u2013 the acid test of the effectiveness of your security system. It helps you uncover:<\/p>\n