Penetration testing techniques

To get the most value from penetration testing, give the testing organization the most detailed information possible. These organizations also sign non-disclosure agreements, so you can feel more comfortable sharing policies, procedures, and other critical information about your network.

Also determine which systems need to be tested. While you don't want to miss a system that could be attacked, you might still want to outsource your penetration testing in stages so that each phase focuses on a different part of the network.

You should also establish testing guidelines, for example: penetration testers may look for vulnerabilities and test for them, but must not exploit them, because exploitation could compromise the system you're trying to protect.

In addition, you need to provide appropriate access for testing. If you want to test a system inside the demilitarized zone (DMZ), the best place to test from is within the same network segment. Having penetration testers test from outside the firewall may sound more practical, but internal testing greatly improves the likelihood of discovering server security vulnerabilities that the firewall would otherwise hide. These vulnerabilities could be exposed if the firewall settings change, or someone could exploit one DMZ server to attack another server. Remember the Nimda virus? It was the first successful attack to use a Web server to launch other attacks.
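The gap between the two vantage points can be made concrete by comparing scan results taken outside the firewall with results taken inside the DMZ segment. The following is an added example, not part of the original post: it assumes both scans were saved in nmap's grepable (`-oG`) format, and the hosts, ports and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample scans in nmap grepable (-oG) format; the addresses are
# from the 192.0.2.0/24 documentation range and the results are made up.
EXTERNAL_SCAN = (
    "Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, "
    "1433/filtered/tcp//ms-sql-s///\n"
    "Host: 192.0.2.11 ()\tPorts: 25/open/tcp//smtp///\n"
)
INTERNAL_SCAN = (
    "Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, 135/open/tcp//msrpc///, "
    "443/open/tcp//https///, 1433/open/tcp//ms-sql-s///\tIgnored State: closed (996)\n"
    "Host: 192.0.2.11 ()\tPorts: 25/open/tcp//smtp///, 3389/open/tcp//ms-wbt-server///\n"
)

LINE_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*)$")

def open_ports(grepable):
    """Return {host: {(port, proto, service)}} for ports in state 'open'."""
    result = defaultdict(set)
    for line in grepable.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip comments and "Status:" lines
        host, ports = m.groups()
        ports = ports.split("\t")[0]  # drop trailing "Ignored State" field
        for entry in ports.split(","):
            # Field order: port/state/protocol/owner/service/...
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                result[host].add((int(fields[0]), fields[2], fields[4]))
    return dict(result)

def hidden_by_firewall(external, internal):
    """Services open from inside the segment but not open from outside."""
    ext, inn = open_ports(external), open_ports(internal)
    hidden = {}
    for host, ports in inn.items():
        only_inside = ports - ext.get(host, set())
        if only_inside:
            hidden[host] = sorted(only_inside)
    return hidden

if __name__ == "__main__":
    for host, ports in hidden_by_firewall(EXTERNAL_SCAN, INTERNAL_SCAN).items():
        for port, proto, service in ports:
            print(f"{host}: {port}/{proto} ({service}) is only reachable inside the DMZ")
```

Every service in the output depends on the firewall rules alone for protection, so those are the ones to assess before a rule change or a compromised neighbouring DMZ server exposes them.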

In the case of Web or application servers that require external access, you should consider sharing the source code of these applications with penetration testers if the tests involve these scripts or programs. Without source code, it is difficult to test ASP or CGI scripts, and it is unwise to assume beforehand that an attacker will not see the source code at all. Vulnerabilities in Web server software often expose scripts and applications to remote attackers. If you have access to the source code of your application, you can improve the efficiency of testing that application. After all, you're paying penetration testers to find vulnerabilities, not waste their time.


tom lee
