Translate

What is Penetration Testing and Why is It Important?

Penetration Testing (pentesting or security testing) is the process of testing your applications for vulnerabilities. An effective penetration test will usually involve a skilled hacker, or team of hackers. The testers not only discover vulnerabilities that could be used by attackers but also exploit vulnerabilities, where possible, to assess what attackers might gain after a successful exploitation.




Pentesting generally begins with the pre-engagement phase, which involves talking to the client about their goals for the pentest, mapping out the scope. When the pentester and the client agree about scope, reporting format, and other topics, the actual testing begins.
The penetration testing should attempt to exploit security vulnerabilities and weaknesses throughout the environment, attempting to penetrate both at the network level and key applications. The goal of penetration testing is to determine if unauthorized access to key systems and files can be achieved. If access is achieved, the vulnerability should be corrected and the penetration testing re-performed until the test is clean and no longer allows unauthorized access or other malicious activity.


    Why Penetration Testing is Important?

    • They provide feedback on the most at risk routes into your company or application. Penetration testers think outside of the box, and will try to get into your system by any means possible, like a real world attacker would. This could reveal lots of major vulnerabilities your security or development team never considered. The reports generated by penetration tests provide you with feedback on prioritizing any future security investment.
    • Penetration testing reports can be used to help train developers to make fewer mistakes. If developers can see how an outside attacker broke into an application or part of an application they helped develop, they will be more motivated to improve their security education, and avoid making similar errors in the future.
    Here I'm using Kali linux (O.S) which is so powerful tool for pentesting. Installation and configuration of Kali linux will be discussed in the other post.

    No comments:

    Post a Comment