Maccablo

Tag: Penetration testing

  • Types of Penetration Testing

    Types of Penetration Testing

    In the first session of Penetration Testing we have given the basic concept of defining What is Penetration testing and benefits of the Pen test. Now our second section will cover about the Types of Penetration Testing in detail .

    Three Types of Penetration Testing

    Basically there are three types of Pen tests in existence . They are – White box Penetration Test , Black box Penetration Test and finally Grey box Penetration Test .

    Black Box Penetration Test

    First we will discuss about the Black box penetration testing and its features. Also about the merits and demerits involved in the black box penetration testing .

    What is Black Box Penetration Testing ?

    In Black box testing , the black box tester is not having any idea or knowledge about the internal source code or the internal structure . He is just like a hacker who doesn’t have any internal information about the system . He can do the pen test on the system with only the public information that is available .

    The black box penetration testers are not given any information about the architectural diagrams that are not open to public visibility . Thus this kind of pen test will help in identifying the security flaws in the system that can be attacked by any of the external person with no knowledge of the internal data .

    The black box tester will try to collect as much as information about the targeted network / System . The tester will not examine any of the codes . He will be aware about only the expected outcome not about how this outcome will arrive .

    Advantages of Black Box Pen Testing

    Now we will focus on the merits of back box pen testing / the advantages of Black box pen testing .

    • A black box pen tester need not to be an expert , nor is necessary for him to have any knowledge about languages .
    • Black box tested is supposed to verify the contradictions in the system.
    • Black box testing usually takes place from the perspective of the user . It has nothing to do with the designer aspect .
    Disadvantages of Black Box Testing

    As we all know everything has its own merits as well as demerits .So here we will point out some of the disadvantages of the black box testing process.

    • Difficulty in design is one of the drawback faced while conducting a black box pen test .
    • In case if the designer has conducted the test , then the black box test will not be worth in actual .

    Now on the Types of Penetration Testing , there are two more types left . Next we will focus on white box test .

    White Box Penetration Test

    The second Types of Penetration Testing is White box Penetration testing . We will discuss what is white box pen testing and its merits-demerits .

    What is White Box Penetration Testing ?

    In white box penetration test , the tester is given information about the system or its network . The white box tester is given idea about the source code , schema details , IP , OS and almost all necessary information needed . Its generally an attack from internal source itself .

    White box penetration testing is also known by different names such as – open box testing , auxiliary and logic-driven testing , clear box test , glass box testing etc .

    White box testing is straight opposite of black box test . Because here the tester has all necessary information regarding the architecture design , data , source codes etc . In White box penetration the pen tester will check path testing , data flow testing and loop testing . As well as he analyses the code coverage .

    Advantages of White Box Pen Testing

    Discussed below is the advantages of white box penetration testing .

    • White box test can help in finding out the internal and external security vulnerabilities in a system / network.
    • Ensuring all the independent paths of each module has been exercised.
    • Verification of all the logical decisions by means of accessing their true or false value is ensured in white hat pen testing .
    • Typographical errors can be found as well as there will be a syntax checking process .
    • Can help in finding out the design errors that has risen due to the difference between actual execution and logical flow .
    Disadvantages of White Box Testing

    Focusing on the disadvantages of white box penetration test let’s discus it in brief –

    • The tester has to sort out the flaws by knowing so much of internal information thus it might create some confusion as well .
    • Have to go through a huge amount of data that is time consuming .
    • They work on the basis of knowledge of system directly from the developer . A hacker will not have any idea about this information .So a white hat testers’s behaviour will be entirely different from that of a hacker who doesn’t’ have any idea about the system .

    So that’s all about the white box testing , now we will focus on the next Types of Penetration Testing that is Gray box test .

    Read Also : Penetration testing tutorial for beginners

    Grey Box Penetration Testing

    Now we will focus on the last session of Types of Penetration Testing . The third type of pen test is – Gray box penetration testing .

    What is Grey Box Penetration Testing ?

    Grey box pen testing is type of pen testing where the tester will generally provide partial information regarding the internal system or network .

    This generally works like an external attack by the tester who has some kind of access to the internal system / network infrastructure .

    Advantages of Grey Box Pen Testing

    Let us take a look at the advantages of grey box testing –

    • In this there is difference between the tester and developer so the chances of personal conflict is absent .
    • Doesn’t require access to the source code .
    • Doesn’t have to supplement them with knowledge of internal info about program functions etc .
    Disadvantages of Grey Box Testing

    Now let us take a look at the disadvantages of grey box pen test –

    • Grey box testers might miss out some of the vulnerabilities due to lack of idea about the source code .
    • For algorithm testing , grey box testing is proven to be not ideal .
    • Grey box pen test can be time consuming in its nature .

    Hope this section of Penetration Testing tutorial have given all our readers a clear idea about the Types of Penetration Testing .

  • Penetration testing tutorial for beginners

    Penetration Testing or very commonly known as Pen test in Online world . This might be a familiar team for all IT Security enthusiasts and tech companies . For those who are unfamiliar to this term , here we will give you an idea by defining the concept of Penetration test .

    Introduction To Penetration Testing

    Let us start with introduction to penetration testing by defining what is penetration testing .

    Then we will learn the importance of the pen test . And why it is necessary to perform these kind of tests and so on .

    Defining Penetration Testing ( Pen Test )

    Let’s go for a simple definition to understand the concept . Pen test / Penetration test is generally a Security test to find out the security threats and security risk on a system . 

    This test helps in detecting the security risk on a system and thus makes the security analyst teams vigilant to rectify the insecurities of a system .

    How Important is Penetration Test ?

    Now you may be thinking why penetration test , what is the importance of penetration test . Let’s discuss it in short –

    Imagine any software application or a website that has got security flaws . It can happen easily , when a developer develops an application or website errors can occur . Some of the minute errors like configuration errors , software bugs , design errors can lead to security threats . This can turn vulnerable when someone illegally enters into the site and make use of the security loopholes .

    So its always necessary to find out the security flaws by doing a pen test .

    • This helps in understanding the security loopholes in system .
    • Makes to alert about the data that are under security threat .
    • You get an idea about the weakest section of your system through which someone can attack your system .
    • Gives you idea about possible areas where white hat techniques can be used to exploit your system security .
    • Protection against black hat attacks.

    These reasons makes every company and its network to invest a good amount on their system security and network security . Especially government portals , agencies , big MNC’s , corporate companies and Banking sectors spend a good amount on ensuring cyber security .

    Benefits of Penetration Test / Pen Test

    Pen Test is to ensure a secured system . This can add more benefit to any organisation and not doing a pen test is risky business as well . Every company must ensure they do risk assessment of their system security as well . Sometimes your system insecurity can lead to financial insecurity of the firm and eventually may be into break of customer loyalty even.

    • Increases Efficiency of Management

    If your system is secure and you have understood the flaws in the security system and rectified it . Thus during any unexpected or intentional cyber attacks your management can function without any tensions . Because pen test would have given you risk analysis report of your system security .

    • Ensure your customer loyalty

    In case if your system’s security issues were not detected and rectified in a pen test then any time you can loose the trust of your customer on your brand . Because leak of customer data can be a serious problem .

    • Safe zone from Fines & Penalties

    Data breach and leak of confidential data can lead to legal issues thus make you end up with paying huge penalties . Penetration test saves you from all such legal issues by putting an end to the chance of any kind of attacks to your system.

    • No Fear Data leak

    Data leak is a serious threat of any insecure system , so doing pen test reduces the maximum chance of data leak.

    • Financial Safety

    In case of banking networks or any payment gateway related systems , insecure system can increase the chance of financial loss , this can be avoided . And in case of other organisations they can avoid financial loss due to hack attempts and customer loss and penalties .

    What are the Types of Pen Test ?

    There are basically three types of pen test available on practice . Then there are different areas on which pen test is applied .

    There are three types of pen testing , they are –

    White box pen testing

    Black Box Pen testing &

    Grey Box Pen testing .

    Now we have given a basic outline about pen testing and will continue more about the pen test like How pen test is performed and types of Penetration testing etc .