What is Penetration test?
A penetration test, or as you may call it pentest, is an attack on a computer system .
The intention of this attack is to find security weaknesses and thus gaining access to it.
Following is the process that leads to gaining access to data and functionality of the targeted system :
1. Identify the goal2. Identifying the target systems
3. Reviewing the available information
What can be the targets , let’s see :
Following can be the potential targets for penetration test :
1. A light purple box (where all background and system information is provided) or
2. A black box (where only basic or no information is provided except the company name).
What does a penetration test target reveal?
A penetration test can help us understand that whether a system being targeted is vulnerable to attack.
It also tells about the defences available against the attack and if those defences are sufficient enough to protect the system from a potential attack.
Also it can reveal which defences got defeated in the penetration test.
The process involved in penetration testing:
- Discovering a combination of legal operations that will let the tester execute an illegal operation
- unescaped SQL commands
- unchanged salts in source-visible projects
- human relationships, using old hash/crypto function.
- Remote mouse controller
- Webcam peeker
- Ad popupper
- Botnet drone
- Password hash stealer