Sunday, April 1, 2018

VAPT-2 (Scope)

Scope:
https://msslinux.blogspot.com/2018/04/pavt-2.html

What should be tested?

  • Software (Operating system, services, application)
  • Hardware
  • Network
  • Processes
  • End-user behaviour

Penetration Testing Types:

1) Social Engineering Test:
In this test, attempts are made to get a person to reveal sensitive information such as passwords, business-critical data, etc. These tests are mostly done over the phone or the internet, and they target certain helpdesks, employees and processes.
Human error is the main cause of security vulnerabilities. All staff members should follow security standards and policies to avoid social engineering penetration attempts. Examples of these standards include not mentioning any sensitive information in email or phone communication. Security audits can be conducted to identify and correct process flaws.
2) Web Application Test:
Using software methods, one can verify whether the application is exposed to security vulnerabilities. This test checks for security vulnerabilities in the web apps and software programs positioned in the target environment.
3) Physical Penetration Test:
Strong physical security methods are applied to protect sensitive data. This is generally used in military and government facilities. All physical network devices and access points are tested for the possibility of a security breach. This test is not very relevant to the scope of software testing.
4) Network Services Test:
This is one of the most commonly performed penetration tests. The openings in the network through which entry can be made into the systems on the network are identified, to check what kind of vulnerabilities are there. It can be done locally or remotely.
5) Client-side test:
It aims to search and exploit vulnerabilities in client-side software programs.
6) Remote dial-up war dial:
It searches for modems in the environment and tries to log in to the systems connected through these modems by password guessing or brute forcing.
7) Wireless security test:
It discovers open, unauthorized and less secure hotspots or Wi-Fi networks and connects through them.


