What Is Network Penetration Testing
Posted By : Rohitesh Rawat | 28-Feb-2018
The primary objective is to identify vulnerabilities in networks and network devices like routers, switches. This type of testing should be done before hackers are able to discover these vulnerabilities and have unauthorized access to sensitive data.
NPT Approach:
A risk-based approach can be adapted to identify critical network-centric vulnerabilities:
1- Information Gathering: A list of all the accessible systems along with their services is obtained to gather as much information as possible. Purpose of this is to prepare for threat identification and map in-scope environment.
2- Threat Modeling: Vulnerabilities of the systems are identified from the information gathered from the 1st step. These are then categorized into different categories which involve: financial information, technical information, and trade secrets but more commonly consist of technical information found during the previous phase.
3- Vulnerability Analysis: The vulnerability analysis phase involves the Documentation and Analysis of discovered vulnerabilities
4- Exploitation: Exploitation involves carrying out the vulnerability’s exploit in an effort to be certain if the vulnerability is truly exploitable. Exploitation includes SQL injection, buffer overflow, OS commanding etc..
5- Reporting: In this step, stakeholders are delivered a clear and actionable report of the findings.
Types of penetration testing:
1- Internal testing - Internal testing is performed to simulate in a case when company's own employee attempts an attack from within the company.
2- External testing - This is the most widely used. Finding vulnerabilities in firewall and domain servers by investigating the security of the application.
3- Double-blind testing - In this, not everyone inside the project is informed when the app's security will be inspected. Only a few people are notified before this testing is carried out. In this way, QA teams can determine how the organization will react in the event of an actual breach attempt.
Cookies are important to the proper functioning of a site. To improve your experience, we use cookies to remember log-in details and provide secure log-in, collect statistics to optimize site functionality, and deliver content tailored to your interests. Click Agree and Proceed to accept cookies and go directly to the site or click on View Cookie Settings to see detailed descriptions of the types of cookies and choose whether to accept certain cookies while on the site.
About Author
Rohitesh Rawat
Rohitesh is an expert in Agile methodologies, specializing in Scrum. He possesses a wide range of skills, including proficiency in Jira, MongoDB, planning, scoping, process creation and management, and QA. Over the years, he has led the successful delivery of several offshore projects, including Konfer, Virgin Media, HP1T, and Transleqo. Rohitesh holds certifications as a Certified Scrum Master (CSM) and Project Management Professional (PMP) and has a comprehensive understanding of the entire Project Life Cycle (PLC).