Sunday, October 12, 2014

Penetration Testing

1. What is Penetration testing?
Penetration testing is a type of testing in which a tester attempts to evade or bypass the security features of a system in order to identify security weaknesses.

2. Why do Penetration testing?
The intent of a penetration test is to simulate a real-world attack with the goal of identifying how far an attacker would be able to penetrate into an environment.

3. When to perform Penetration testing?
Penetration testing should be included as a standard process within the security testing roadmap. Traditionally, organizations prefer to perform penetration testing prior to a product release or a major upgrade. However, it is also advisable to conduct this testing in the following situations:

a. New infrastructure is added
b. Software is installed
c. System updates are applied
d. Security patches are applied
e. User policies are modified

The above three answers are drawn from the penetration testing links below.

4. Give some examples of penetration testing tools.
Nmap, Nessus, Metasploit, Netsparker, Acunetix, etc. are some examples of penetration testing tools.

You can find more about pen testing tools below:
a. 37 Powerful Penetration Testing Tools For Every Penetration Tester [Link].
b. Five free pen-testing tools [Link].
c. Automated penetration testing tools [Link].
d. Our 2013 recommended penetration testing tools [Link].
e. Windows Tools For Penetration Testing [Link].

5. What are different types of penetration testing?
Types of penetration testing include Network Penetration Testing, Application Penetration Testing, Website Penetration Testing, Physical Penetration Testing, etc.

The links below shed more light on the types of penetration testing:
a. Types of Penetration Tests [Link].
b. Types of Penetration Tests [Link].
c. Types of penetration tests [Link].
d. The two types of penetration testing [Link].
e. Types of Penetration Testing Services [Link].

6. Give some examples of sample test cases for penetration testing.
a. Security Testing – Test Cases [Link].
b. Penetration Testing: Web-Applications Test-Cases (Chapter 1) [Link].
c. NET Penetration Testing: Test Case Cheat Sheet [Link].
d. Penetration Testing – Complete Guide with Sample Test Cases [Link].

Below are 32 of the best penetration testing links from around the internet:
1. Pentest Standard. [Link]
2. Penetration testing. [Link]
3. Penetration Testing Overview :- What is Penetration Testing?, Why Perform Penetration Testing?, How Often Should You Perform Penetration Testing?, How Can You Benefit from Penetration Testing? [Link]
4. pen test (penetration testing):- Pen test strategies. [Link]
5. Penetration Testing – Complete Guide with Sample Test Cases:- What is Penetration Testing?, Why Penetration testing?, Penetration Testing Types, Penetration Testing Tools, Manual Penetration Test, Penetration testing sample test cases (test scenarios). [Link]
6. 37 Powerful Penetration Testing Tools For Every Penetration Tester. [Link]
7. Penetration Testing for Web Applications (Part One). [Link]
8. Penetration Testing for Web Applications (Part Two). [Link]
9. Penetration Testing for Web Applications (Part Three). [Link]
10. Internet Penetration Testing: A Seasoned Perspective. [Link]
11. Manual Web Application Penetration Testing: Introduction. [Link]
12. Penetration testing on the cheap and not so cheap. [Link]
13. Penetration Testing with Smartphones Part 1:- The Phone Setup, Network & Vulnerability Scanners etc. [Link]
14. Penetration Testing with Smartphones Part 2: Session Hi-Jacking & ARP Spoofing:- Session Hi-Jacking & ARP Spoofing, Wi-Fi Sniffing. [Link]
15. 5 Ways to Learn Ethical Hacking and Penetration Testing. [Link]
16. Penetration Testing Methodology. [Link]
17. How to determine which security testing method to use if resources are limited. [Link]
18. What Is A Penetration Test And Why Would I Need One For My Company?: What is a Penetration Test?, What is the Value of a Penetration Test?, What do I need to look for in a Penetration Testing Service Provider? [Link]
19. Understanding Penetration Testing Methodology:- Definition, Elements of the pen-test, Process, Audit. [Link]
20. Ask YC: What do you use for penetration testing? [Link]
21. Ask HN: How do you perform penetration testing on your webapp? [Link]
22. An overview of penetration testing: Introduction, Why Penetration Testing, Benefits of Penetration Testing from Business Perspective, Benefits of Penetration Testing from Operational Perspective, What is Involved in Penetration Testing, Penetration Testing Strategies, Penetration Testing Types, How to Conduct Penetration Testing, Web Application Penetration Testing and more. [Link]
23. Penetration Testing: What is Penetration Testing, Technique – Penetration Testing, Penetration Test Tutorial etc. [Link]
24. Study: A Penetration Testing Model. [Link]
25. Penetration Testing Android Applications. [Link]
26. Penetration Testing: Pen Testing Methodology, Vulnerability Assessments vs. Penetration Testing, Approaches, Internal Penetration Assessments, Layered Security Approach. [Link]
27. Comparison of penetration testing tools for web applications.
28. Penetration Testing: A Systematic Approach: Penetration Testing Types, Methodology etc. [Link]
29. Secret Pentesting Techniques. [Link]
30. Automated Penetration Testing by Neha Samant: need for penetration testing, when to perform penetration testing, types of penetration testing, process of penetration testing and more. [Link]
31. Penetration Testing Guidance: What is Penetration Testing?, Why Penetration Testing?, Attack Vectors and Scoping, Approach and Methodology, Tools of the Trade etc. [Link]
32. Penetration Testing by James A. Whittaker. [Link]