What is Penetration Testing?

penetration test, colloquially known as a pentest or as ethical hacking, is an authorized simulated attack performed to evaluate the security of a server or a corporation.

There are three types:

  • Black box: The attacker has no information about the target
  • White box: The attacker has full information about the target (i.e. source code, low privilege user password, etc)
  • Grey box: A mix of two above, the attacker has some information and must obtain the other part

The difference between a penetration test and vulnerability assessment is that the latter only identifies vulnerabilities, usually using an automatic vulnerability scanner as NessusAcunetixOpenVASNexposeQualys, etc. And a penetration test identifies and exploits all the vulnerabilities until the security of the whole system or organization is compromised.

Tags:

Comments are closed

Latest posts

Categories

Latest Comments

No comments to show.