For my last blog of the semester i chose a blog on using penetration tests to strengthen cyber security, the article can be found here. In today’s time cyber attacks are becoming more and more common , and they can affect anyone from an individual to a large corporation. In the last few years alone we have seen a large number of corporations that have had to deal with large scale data leaks. Some of the ways that companies prepare for these attacks is by using vulnerability assessment, Penetration (or Pen) Testing, Security scanning, Risk Assessment, and Ethical Hacking in order to make there system more secure. In this article we are going to be focusing on Penetration Testing.
What is penetrations testing?well in this blog penetration testing is defined as follows: a sanctioned triggered attack that is conducted on a computer system to assess security flaws, which can otherwise result in a data breach or intrusion within the system. Basically you implement a cyber security attack yourself in hopes of finding insecurity’s that might one day be exploited in a real cyber attack. This can be done both by manual testing or automated testing , and is also referred to as a white hat hack.
penetration testing can be broken down into a few different subcategories. First up we have targeted testing , which is done by the systems IT team and is witnessed by all in the system. Next up we have External testing which tests all the organizations servers that are external facing such as web servers , domain names, and firewalls. This type of testing is to see what kind of damage can be done to the system from the outside. The next type of penetration testing is internal testing , which tests what kind of damage can be done from inside the system with authorized access. The final type of testing is call blind testing and this is testing where the attacking team only has limited information to use for the attack , and this is supposed to simulate a real life attack where anything could happen.
“Gartner in its report mentions that by 2020, 40 percent of all managed security service (MSS) contracts will be bundled with other security services and broader IT outsourcing (ITO) projects, up from 20 percent today. ” As we can see the security field is growing greatly today as the threat of cyber attacks also increases. One way to combat this is with the use of penetration testing. Cyber security can be very expensive so it is important for a company to be able to use penetration tests to figure out where they should be putting there money.
In conclusion, i picked this article because it is a type of testing that i had not seen too much of through out the semester and so it peaked my interest. The thing i found the most interesting about the article is how similar this type of testing is to regular testing. Even though you are testing the security of a system , the testing is done much in the same way , by testing all the different boundaries of the system. Automation can help with this but manual testing is always needed to accompany it. For manual testing security ,many of the different testing options we have discussed would also work here like boundary value testing and edge testing. While viewing many different types of testing this semester, i noticed that they all share a lot of similarities, and they all seem to be made up of some combination of the types of testing we have learned this semester. I have build a solid testing foundation this semester which will allow me to continue learning in the field of testing as i move forward.