Penetration Testing

By Subraya Mallya on 01 July 2010 | Topics - Cloud Computing

Penetration testing is a process in which you simulate the actions of a real hacker. A series of activities, aimed at various parts of an IT infrastructure, is performed to gain access to data and network devices that one should not have access to.

The activities conducted during a penetration test could assume the following weaknesses and try to exploit them:

  1. Un-hardened or wrongly configured IT components that expose vulnerabilities, such as error logs that share infrastructure information, passwords, etc., or open ports that allow unfettered access.
  2. Unprotected access points, like logins, desktops.
  3. Unsophisticated application code that allows buffer scans, SQL injection, and URL rewrites.
  4. Easy-to-guess passwords and password management that is not robust.
  5. Unchanged out-of-the-box settings that are public knowledge.

With the aid of sophisticated algorithms and heuristics, companies that specialize in penetration testing identify potential vulnerabilities and prove that they can be exploited. If the test does succeed in gaining access, and the IDS/IPS systems in place can trace it, that also, in a way, establishes the usefulness of those systems.
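One way to measure whether the IDS/IPS traced the test, as an added example that is not part of the original article: it pairs the tester's activity log with the alerts raised and reports which activities went unnoticed. The log layout, addresses, signature names and the 120-second correlation window are assumptions, and all sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data, not from the article: the tester's activity log as
# (time, source IP, target IP, activity). Activities echo the list above.
TEST_ACTIONS = [
    ("2010-07-01T10:00:05", "10.0.9.5", "10.0.1.20", "open-port-scan"),
    ("2010-07-01T10:04:30", "10.0.9.5", "10.0.1.30", "sql-injection"),
    ("2010-07-01T10:09:10", "10.0.9.5", "10.0.1.40", "default-settings-login"),
    ("2010-07-01T10:15:00", "10.0.9.5", "10.0.1.20", "password-guessing"),
]

# Constructed IDS/IPS alerts as (time, source IP, destination IP, signature).
IDS_ALERTS = [
    ("2010-07-01T10:00:07", "10.0.9.5", "10.0.1.20", "Port sweep"),
    ("2010-07-01T10:04:31", "10.0.9.5", "10.0.1.30", "SQL keywords in HTTP parameter"),
    ("2010-07-01T10:15:40", "10.0.9.5", "10.0.1.20", "Repeated failed logins"),
    ("2010-07-01T11:30:00", "10.0.9.5", "10.0.1.40", "Repeated failed logins"),
]


def coverage(actions, alerts, window_seconds=120):
    """Pair each test action with alerts for the same source and target that
    fired no earlier than the action and within the (assumed) window after it."""
    window = timedelta(seconds=window_seconds)
    report = []
    for ts, src, dst, activity in actions:
        start = datetime.fromisoformat(ts)
        hits = [
            sig for a_ts, a_src, a_dst, sig in alerts
            if (a_src, a_dst) == (src, dst)
            and timedelta(0) <= datetime.fromisoformat(a_ts) - start <= window
        ]
        report.append({"activity": activity, "target": dst, "signatures": hits})
    return report


def missed(report):
    """Activities the IDS/IPS did not trace: the detection gaps to fix."""
    return [r["activity"] for r in report if not r["signatures"]]


def detection_rate(report):
    """Fraction of test activities that produced at least one alert."""
    return sum(1 for r in report if r["signatures"]) / len(report) if report else 0.0


if __name__ == "__main__":
    result = coverage(TEST_ACTIONS, IDS_ALERTS)
    for row in result:
        print(row["activity"], row["target"], row["signatures"] or "NOT TRACED")
    print("missed:", missed(result), "rate:", detection_rate(result))
```

An alert that arrives long after the activity, like the 11:30 one here, does not count as a trace of it, which is why the window matters when judging the monitoring systems.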
