There’s no way you’ve had a working internet connection in the last year and you haven’t seen or heard the terms PT, Pentest or Penetration Testing at least once. And for a good reason.
We know that there are several types of “Hackers” out there, It’s important
to clarify here that we talk about Ethical Hackers (White Hats), since they’re the only type of hackers that do what they do with permission and documentation.
As seen from the image, if you’re an Ethical Hacker and your intentions are pure (hence the use of the color white) you can perform Penetration Tests.
But why should your intentions be pure ? What is Penetration Testing ?
Penetration testing (also known as Pentesting or PT for short) is a planned and controlled attacks against systems that is carried out by a tester (“hacker”, pen-tester) with the aim of finding security weaknesses (vulnerabilities), the potential of accessing these weaknesses, the usefulness that can be derived from accessing them and the information they store.
The steps of the process
The penetration test is performed according to the following steps :
1. Identifying the systems intended for penetration, and the main goal we try to achieve.
2. Examining the information available to the tester.
3. Examining the possible and required tools to achieve the goals.
There are two types of testing :
- White box testing – when all information regarding the system being tested is available to the tester.
- Black box testing – when the tester has only the basic information or, no information at all except for the name of the company available for him.
A penetration test will provide an understanding of whether the system can be penetrated and which defense mechanisms have been breached (if the system has been breached at all).
First, the tester works against the first layer of protection, if he finds a security breach (called an exploit) in this layer, he will advance to the next layer. There may be several security “holes” in a certain layer, but as soon as one is found, the tester will move towards his goal. This is the difference between a penetration test (in depth) and a extended test in which security vulnerabilities are identified throughout the system (vulnerability assessment).
The security problems are presented at the end of the test to the person in charge of the system (or the test coordinator on behalf of the tested company).
A Good quality test will present the security problems along with an accurate assessment of the damage that can be caused to the tested organization due to their exploitation, and the countermeasures that can increase the security at these certain points.
Why should we perform Penetration Testing ?
- Testing the feasibility of certain attacks.
- Assembling a strong attack built from several weaker attacks in a certain order.
- Identifying vulnerabilities that might be revealed by automatic tools (vulnerabilities scanners of applications / networks).
- Identifying the size of the business and operational damage (business impact) that will be caused by the attacks (if they succeed).
- Testing the capabilities of the defense mechanisms of the system intended for attack in terms of detecting attacks and handling them.
Sahar Avitan, a Pentester with years of experience in the field, and, the Co-Founder and CTO of Kayran technologies has said :
“ Today, performing tests and securing your assets are things of supreme significance, it’s very important to stay alert and maintain our defense systems constantly. As a Penetration Tester who has dealt with countless cases and performed thousands of penetration tests, there are always new things I discover and deal with “.
Did you know that performing a scan using an application vulnerability scanner (such as Kayran) it’s basically like performing penetration tests, only automatically?
Stay safe, choose Kayran.