What is Penetration Testing / Ethical Hacking?
Author: admin | Category: Featured, Information Security, Penetration Testing
Crackers or hackers penetrate information systems and take away critical data, such as passwords, credit card details and financial records, by employing powerful tools. Every day we read about security breaches of this kind from every corner of the world. Companies and organizations face a tough time: their credibility is at stake, and that in turn affects their business.
To reduce the net effect, many businesses employ security experts who are capable of testing their systems and certifying them as resistant to attack. That kind of security expert is known as a penetration tester or ethical hacker.
A penetration tester uses the same tools an attacker would use and emulates the actions an attacker would attempt in order to compromise the system. The process and methodologies a penetration tester uses to test the security of a system are known in the industry as penetration testing, or by the more glorified name, ethical hacking. The main difference between an ethical hacker and a criminal hacker is that the penetration tester carries out his activities only after obtaining written approval and stays within agreed rules of engagement. At the end of the test the ethical hacker submits a detailed report containing the vulnerabilities found and recommendations for addressing them.
Now, let’s look at a few definitions of penetration testing.
According to Patrick Engebretson, penetration testing can be defined as a legal and authorized attempt to locate and successfully exploit computer systems for the purpose of making those systems more secure.
SANS: Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access. If the focus is on computer resources, then examples of a successful penetration would be obtaining or subverting confidential documents, price-lists, databases and other protected information.
Wikipedia: A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders (who do not have an authorized means of accessing the organization’s systems) and malicious insiders (who have some level of authorized access). The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures.
In a nutshell, penetration testing is the act of testing a network to find security vulnerabilities before they are exploited by phishers, digital piracy groups, and countless other organized or individual malicious hackers.
References:
Patrick Engebretson, The Basics of Hacking and Penetration Testing
SANS Analyst Program