Pen Testing Techniques:
1) Manual penetration test2) Using automated penetration test tools
3) Combination of both manual and automated process
The third process is more common to identify all kinds of vulnerabilities.
Penetration Testing Tools:
Automated tools can be used to identify some standard vulnerability present in an application. Pentest tools scan code to check if there is malicious code present which can lead to the potential security breach. Pentest tools can verify security loopholes present in the system by examining data encryption techniques and figuring out hard-coded values like username and password.Criteria to select the best penetration Tool:
– It should be easy to deploy, configure and use.– It should scan your system easily.
– It should categorize vulnerabilities based on severity that needs an immediate fix.
– It should be able to automate verification of vulnerabilities.
– It should re-verify exploits found previously.
– It should generate detailed vulnerability reports and logs.
Once you know what tests you need to perform you can either train your internal test resources or hire expert consultants to do the penetration task for you.
Examples of Free and Commercial Tools:
Commercial services:
Limitations of Pentest tools: Sometimes these tools can flag false positive output which results in spending more developer time on analyzing such vulnerabilities which are not present.
No comments:
Post a Comment