Why we need Penetration Testing - PowerPoint PPT Presentation

About This Presentation
Title:

Why we need Penetration Testing

Description:

There are many reasons why organizations seriously need penetration testing, it can be extremely useful to people who wish to get extra reassurance when it comes to critical web facing systems.Protection of sensitive data and information becomes important in any organizations. More @ – PowerPoint PPT presentation

Number of Views:102

less

Transcript and Presenter's Notes

Title: Why we need Penetration Testing


1
Penetration Testing
  • Need of Penetration Testing?

2
(No Transcript)
3
What is Penetration Testing ?
A Penetration Testing, or sometimes Pentest
Is a software attack on a computer system that
looks for security weaknesses,
Potentially gaining access to the computer's
features and data.
Security issues that the penetration test
uncovers should be reported to the system owner.
Penetration test reports may also assess
potential impacts to the organization and suggest
countermeasures to reduce risk.
4
Objectives / Goals of Penetration Testing are
  • Determine feasibility of a particular set of
    attack vectors
  • Identify high-risk vulnerabilities from a
    combination of lower-risk vulnerabilities
    exploited in a particular sequence
  • Identify vulnerabilities that may be difficult or
    impossible to detect with automated network or
    application vulnerability scanning software
  • Assess the magnitude of potential business and
    operational impacts of successful attacks
  • Test the ability of network defenders to detect
    and respond to attacks
  • Provide evidence to support increased investments
    in security personnel and technology

5
Why we need Penetration Testing Team
  • There are many reasons for organizations should
    seriously consider performing penetration tests.
  • A penetration test is a highly specialized,
    security-specific validation of controls in
    place.
  • Penetration testing is really a form of QA that
    looks for flaws in network architecture and
    design, operating system and application
    configuration, application design, and even human
    behaviour as it relates to security policies and
    procedures.
  • This can range from testing network and
    application access controls, to software code and
    IT operational processes.

6
Advantages of a Penetration Test
  • Penetration testing can be extremely useful to
    people who wish to get extra reassurance when it
    comes to critical web facing systems.
  • However they can also be useful in a variety of
    other ways, such as
  1. Testing a System Administrator to see if he is
    keeping systems updated and secured.
  2. Compliance the Payment Card Industry (PCI),
    when operating an online payments system.
  3. Risk reduction and risk mitigation factors for
    insurance or other industries.
  4. Protection of Confidentially, Integrity and
    Availability (CIA triad) of data.

7
Most Common Types of Penetration Tests
Two of the more common types of penetration tests
are black box and white box penetration testing.
Black Box Test,
no prior knowledge of the corporate system is
given to the third party tester. This is often
the most preferred test as it is an accurate
simulation of how an outsider/hacker would see
the network and attempt to break into it.
White Box Test, on
the other hand is when the third party
organisation is given full IP information,
network diagrams and source code files to the
software, networks and systems, in a bid to find
weaknesses from any of the available information.
8
Common Measurements for Penetration Testing
What kinds of metrics make sense for penetration
testing and vulnerability assessments?
For vulnerability assessments, common
measurements to track include
  • Number of vulnerabilities found
  • Criticality and types of vulnerabilities
  • Percentage of systems and applications scanned
  • Number of unowned or questionable assets
    detected.
  • For penetration tests, the key is a baseline
  • How many critical vulnerabilities were found vs.
    the last test?
  • User accounts and/or passwords compromised
  • Data records accessed.

9
A penetration test is useful service if your
business can justify the expense and importance
of having its web facing equipment properly
secured. Rest assured that cybercrime is a
growing problem, costing business and the
government millions each year. The cyber
criminals dont look to be giving up anytime soon
and with all this money to be made by them
online, whos to say your business wont be next?
10
Resources
http//testbytes.net/testing-services/penetration-
testing/ http//searchsecurity.techtarget.com/mag
azineContent/How-to-pen-test-Why-you-need-an-inter
nal-security-pen-testing-program http//bizsecuri
ty.about.com/od/informationsecurity/a/Penetration-
Testing-What-Is-It-Do-I-Need-It.htm
11
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com