Abstract image of a woman sitting on books and studying on a laptop

Penetration testing -A systeamtic approch

Download as PPTX, PDF
G
GANAPATHY RAMAN G V

The document outlines the processes and importance of penetration testing as a comprehensive security assessment method that incorporates security audits and vulnerability assessments. It differentiates between vulnerability scanning and penetration testing, explaining that the former identifies known vulnerabilities while the latter tests the exploitability of vulnerabilities specific to system configurations. The document further elaborates on various types of penetration testing, methodologies, and reporting structures involved in the process.

Education
1 of 15
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
What is Penetration testing ? A vulnerability scanner runs from the end point of the person inspecting the attack, to the surface in question. The software compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts. The scanner software attempts to exploit each vulnerability that
Importance of penetration test :  Security Audit  A security audit just checks whether the organization is following a set of standard security policies and procedures  Vulnerability Assessment A vulnerability assessment focuses on discovering the vulnerabilities in the information system but provides no indication if the vulnerabilities can be exploited or the amount of damage that may result from the successful exploitation of
Penetration Testing Penetration testing is a methodological approach to security assessment that encompasses the security audit and vulnerability assessment and demonstrates if the vulnerabilities in system can be successfully exploited by attackers
Vulnerability Assesment  A vulnerability assessment focuses on discovering the vulnerabilities in the information system but provides no indication if the vulnerabilities can be exploited or the amount of damage that may result from the successful exploitation of the vulnerability
Vulnerability scanning vs. penetration testing  Vulnerability scanning and penetration testing are often confused, but in fact the two security procedures are quite different and are used for different purposes.  At the most basic level, vulnerability scanning aims to identify any systems that are subject to known vulnerabilities, while a penetration test aims to identify weaknesses in specific system configurations and organizational processes and practices that can be exploited to compromise security.
Vulnerability management process  This vulnerability management process involves:  Identification of vulnerabilities  Evaluation of the risk posed by any vulnerabilities identified  Treatment of any identified vulnerabilities  Reporting on vulnerabilities and how they have been handled
How it works  A vulnerability scanner runs from the end point of the person inspecting the attack, to the surface in question. The software compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts. The scanner software attempts to exploit each vulnerability that is discovered.
Types of Penetration testing  Interbal and external  Blackbox, Whitebox, Greybox  Announced, Unannounced,  Passive, Active scans  Automated , Manual
Methodology Planning Foot printing Exploiting Reporting
Application Penetration Testing  Application Penetration Testing is an "ethical attack" intended to reveal the effectiveness of an application's security controls by highlighting risks posed by actual exploitable vulnerabilities. Pure Hacking offers a number of application penetration testing services including:  Web Application Penetration Testing  Web Services Penetration Testing  Mobile Application Penetration Testing  Secure Code Review
Reporting structure From top Management  Title page  Executive summary For technical workers  Title page  Executive summary  Test team Details  Summary of vulnerabilities  References  Glossary
Content  Executive Summary  Scope of work  Project objectives  Assumption  Timeline  Summary of findings  Summary of recommendation  Methodology
Content (contd..)  Planning  Exploitation  Reporting  Detail Findings  Detailed systems information  Windows server information  References  Appendix
Conclusion  This presentation is meant to share the importance of penetration testing on materials which is one of the non-destructive methods found in common.  The impact of vulnerability assessment and its needs are broadly elaborated through this presentation.  The types and the methodology involved in the penetration testing are elaborated.  In final the reporting structure of penetration testing are also deeply discussed through this presentation.
References :  https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf  https://partneredsolutionsit.com/importance-of-vulnerability-scans/ Books :  Penetration testing :Ahands on introduction to hacking by Georgia Weidman, published by John wiley & sond Inc  Penetration Testing for dummies by Robert shimonski , No starch press, San Francisco

More Related Content

PPTX
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
DOCX
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Falgun Rathod
 
DOCX
Backtrack manual Part1
Nutan Kumar Panda
 
DOCX
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
Aardwolf Security
 
PPTX
Pentesting vs Vulnerability Scanning What’s the Difference.pptx
BluechipComputerSyst
 
PDF
penetration testing
Shitesh Sachan
 
KEY
Vulnerability Ass... Penetrate What?
Jorge Orchilles
 
PDF
Types of Vulnerability Scanning An in depth investigation.pdf
Cyber security professional services- Detox techno
 
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Falgun Rathod
 
Backtrack manual Part1
Nutan Kumar Panda
 
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
Aardwolf Security
 
Pentesting vs Vulnerability Scanning What’s the Difference.pptx
BluechipComputerSyst
 
penetration testing
Shitesh Sachan
 
Vulnerability Ass... Penetrate What?
Jorge Orchilles
 
Types of Vulnerability Scanning An in depth investigation.pdf
Cyber security professional services- Detox techno
 

Similar to Penetration testing -A systeamtic approch (20)

PPTX
PACE-IT, Security+3.8: Vulnerability Scanning vs Pen Testing
Pace IT at Edmonds Community College
 
PDF
Introduction to Website Pentesting.pptx.pdf
apurvar399
 
PPTX
NETWORK PENETRATION TESTING
Er Vivek Rana
 
PPTX
Vulnerability and Penetration Testing
Jeffery Brown
 
PPTX
Introduction to cyber security
Geevarghese Titus
 
PDF
website vulnerability scanner and reporter research paper
Bhagyashri Chalakh
 
PPTX
UNIT I PPT.pptxsdVDSVDAVDSBGVGNhfzgnnzgdngfh
Tejaswini Vontela
 
PDF
How to Conduct Penetration Testing for Websites.pptx.pdf
Rosy G
 
PDF
Securing Servers: A Guide to Penetration Testing
khushihc2003
 
PPTX
Vapt life cycle
penetration Tester
 
PDF
Penetration Testing Services_ Comprehensive Guide 2024.pdf
qualysectechnology98
 
PDF
What is Penetration & Penetration test ?
Bhavin Shah
 
PPTX
Introduction Vulnerability assessment and penetration testing.pptx
sami889399
 
PPT
M Kamens Iia Financial Services Presentation At Disney
kamensm02
 
PPTX
penetration testing.pptx
wilnawilliams3
 
PPTX
penetration testing.pptx
wilnawilliams3
 
PPTX
Learn more about the Penetration Services
wilnawilliams3
 
PDF
Web app penetration testing best methods tools used
Zoe Gilbert
 
PDF
Владимир Стыран - Пентест следующего поколения, который ваша компания не може...
UISGCON
 
PDF
Next generation pentest your company cannot buy
Vlad Styran
 
PACE-IT, Security+3.8: Vulnerability Scanning vs Pen Testing
Pace IT at Edmonds Community College
 
Introduction to Website Pentesting.pptx.pdf
apurvar399
 
NETWORK PENETRATION TESTING
Er Vivek Rana
 
Vulnerability and Penetration Testing
Jeffery Brown
 
Introduction to cyber security
Geevarghese Titus
 
website vulnerability scanner and reporter research paper
Bhagyashri Chalakh
 
UNIT I PPT.pptxsdVDSVDAVDSBGVGNhfzgnnzgdngfh
Tejaswini Vontela
 
How to Conduct Penetration Testing for Websites.pptx.pdf
Rosy G
 
Securing Servers: A Guide to Penetration Testing
khushihc2003
 
Vapt life cycle
penetration Tester
 
Penetration Testing Services_ Comprehensive Guide 2024.pdf
qualysectechnology98
 
What is Penetration & Penetration test ?
Bhavin Shah
 
Introduction Vulnerability assessment and penetration testing.pptx
sami889399
 
M Kamens Iia Financial Services Presentation At Disney
kamensm02
 
penetration testing.pptx
wilnawilliams3
 
penetration testing.pptx
wilnawilliams3
 
Learn more about the Penetration Services
wilnawilliams3
 
Web app penetration testing best methods tools used
Zoe Gilbert
 
Владимир Стыран - Пентест следующего поколения, который ваша компания не може...
UISGCON
 
Next generation pentest your company cannot buy
Vlad Styran
 
Ad

More from GANAPATHY RAMAN G V (6)

PPTX
Parking Solutions based on IoT and AI.pptx
GANAPATHY RAMAN G V
 
PPTX
System Security Plan for cycber sec.pptx
GANAPATHY RAMAN G V
 
PPTX
System Security Plan with various aspects.pptx
GANAPATHY RAMAN G V
 
PPTX
Blogs –An Overview with the scope of.pptx
GANAPATHY RAMAN G V
 
PPTX
SOFTWARE QUALITY software development-520.pptx
GANAPATHY RAMAN G V
 
PPT
Data Mining Cluster Analysis: Advanced Concepts and Algorithms
GANAPATHY RAMAN G V
 
Parking Solutions based on IoT and AI.pptx
GANAPATHY RAMAN G V
 
System Security Plan for cycber sec.pptx
GANAPATHY RAMAN G V
 
System Security Plan with various aspects.pptx
GANAPATHY RAMAN G V
 
Blogs –An Overview with the scope of.pptx
GANAPATHY RAMAN G V
 
SOFTWARE QUALITY software development-520.pptx
GANAPATHY RAMAN G V
 
Data Mining Cluster Analysis: Advanced Concepts and Algorithms
GANAPATHY RAMAN G V
 
Ad

Recently uploaded (20)

PDF
Vision Prelims GS PYQ Analysis 2011-2022 www.upscpdf.com.pdf
navneetgupta711851
 
PPTX
Introduction to pro and eukaryotes and differences.pptx
AvaniKarumathil
 
PPTX
Unit 4 Computer Architecture Multicore Processor.pptx
Gunasundari Selvaraj
 
PDF
FOISHS ANNUAL IMPLEMENTATION PLAN 2025.pdf
EllenJoyCaniya2
 
PDF
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
Demetrio Ccesa Rayme
 
PPTX
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
PPTX
A powerpoint presentation on the Revised K-10 Science Shaping Paper
JericEstaco2
 
DOC
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
PDF
Practical Manual AGRO-233 Principles and Practices of Natural Farming
MilindKhedekar2
 
PDF
David L Page_DCI Research Study Journey_how Methodology can inform one's prac...
David L Page
 
DOCX
Cambridge-Practice-Tests-for-IELTS-12.docx
ssuser0d93ff
 
PPTX
Chinmaya Tiranga Azadi Quiz (Class 7-8 )
Nitin Suresh
 
PDF
Empowerment Technology for Senior High School Guide
solthereseamericandr
 
PPTX
B.Sc. DS Unit 2 Software Engineering.pptx
Dr. Pallawi Bulakh
 
PDF
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
PDF
IGGE1 Understanding the Self1234567891011
rhea22labucay
 
PDF
AI-driven educational solutions for real-life interventions in the Philippine...
EleniIlkou
 
PDF
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
PPTX
History, Philosophy and sociology of education (1).pptx
tmdth1
 
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
Vision Prelims GS PYQ Analysis 2011-2022 www.upscpdf.com.pdf
navneetgupta711851
 
Introduction to pro and eukaryotes and differences.pptx
AvaniKarumathil
 
Unit 4 Computer Architecture Multicore Processor.pptx
Gunasundari Selvaraj
 
FOISHS ANNUAL IMPLEMENTATION PLAN 2025.pdf
EllenJoyCaniya2
 
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
Demetrio Ccesa Rayme
 
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
A powerpoint presentation on the Revised K-10 Science Shaping Paper
JericEstaco2
 
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
Practical Manual AGRO-233 Principles and Practices of Natural Farming
MilindKhedekar2
 
David L Page_DCI Research Study Journey_how Methodology can inform one's prac...
David L Page
 
Cambridge-Practice-Tests-for-IELTS-12.docx
ssuser0d93ff
 
Chinmaya Tiranga Azadi Quiz (Class 7-8 )
Nitin Suresh
 
Empowerment Technology for Senior High School Guide
solthereseamericandr
 
B.Sc. DS Unit 2 Software Engineering.pptx
Dr. Pallawi Bulakh
 
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
IGGE1 Understanding the Self1234567891011
rhea22labucay
 
AI-driven educational solutions for real-life interventions in the Philippine...
EleniIlkou
 
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
History, Philosophy and sociology of education (1).pptx
tmdth1
 
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 

Penetration testing -A systeamtic approch

  • 1. What is Penetration testing ? A vulnerability scanner runs from the end point of the person inspecting the attack, to the surface in question. The software compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts. The scanner software attempts to exploit each vulnerability that
  • 2. Importance of penetration test :  Security Audit  A security audit just checks whether the organization is following a set of standard security policies and procedures  Vulnerability Assessment A vulnerability assessment focuses on discovering the vulnerabilities in the information system but provides no indication if the vulnerabilities can be exploited or the amount of damage that may result from the successful exploitation of
  • 3. Penetration Testing Penetration testing is a methodological approach to security assessment that encompasses the security audit and vulnerability assessment and demonstrates if the vulnerabilities in system can be successfully exploited by attackers
  • 4. Vulnerability Assesment  A vulnerability assessment focuses on discovering the vulnerabilities in the information system but provides no indication if the vulnerabilities can be exploited or the amount of damage that may result from the successful exploitation of the vulnerability
  • 5. Vulnerability scanning vs. penetration testing  Vulnerability scanning and penetration testing are often confused, but in fact the two security procedures are quite different and are used for different purposes.  At the most basic level, vulnerability scanning aims to identify any systems that are subject to known vulnerabilities, while a penetration test aims to identify weaknesses in specific system configurations and organizational processes and practices that can be exploited to compromise security.
  • 6. Vulnerability management process  This vulnerability management process involves:  Identification of vulnerabilities  Evaluation of the risk posed by any vulnerabilities identified  Treatment of any identified vulnerabilities  Reporting on vulnerabilities and how they have been handled
  • 7. How it works  A vulnerability scanner runs from the end point of the person inspecting the attack, to the surface in question. The software compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts. The scanner software attempts to exploit each vulnerability that is discovered.
  • 8. Types of Penetration testing  Interbal and external  Blackbox, Whitebox, Greybox  Announced, Unannounced,  Passive, Active scans  Automated , Manual
  • 10. Application Penetration Testing  Application Penetration Testing is an "ethical attack" intended to reveal the effectiveness of an application's security controls by highlighting risks posed by actual exploitable vulnerabilities. Pure Hacking offers a number of application penetration testing services including:  Web Application Penetration Testing  Web Services Penetration Testing  Mobile Application Penetration Testing  Secure Code Review
  • 11. Reporting structure From top Management  Title page  Executive summary For technical workers  Title page  Executive summary  Test team Details  Summary of vulnerabilities  References  Glossary
  • 12. Content  Executive Summary  Scope of work  Project objectives  Assumption  Timeline  Summary of findings  Summary of recommendation  Methodology
  • 13. Content (contd..)  Planning  Exploitation  Reporting  Detail Findings  Detailed systems information  Windows server information  References  Appendix
  • 14. Conclusion  This presentation is meant to share the importance of penetration testing on materials which is one of the non-destructive methods found in common.  The impact of vulnerability assessment and its needs are broadly elaborated through this presentation.  The types and the methodology involved in the penetration testing are elaborated.  In final the reporting structure of penetration testing are also deeply discussed through this presentation.
  • 15. References :  https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf  https://partneredsolutionsit.com/importance-of-vulnerability-scans/ Books :  Penetration testing :Ahands on introduction to hacking by Georgia Weidman, published by John wiley & sond Inc  Penetration Testing for dummies by Robert shimonski , No starch press, San Francisco