It involves gathering all available information about the computer system or network and the devices that are attached to it. Footprinting should enable a penetration tester to discover how much detail a potential attacker could find out about a system and allow an organisation to limit the technical information about its systems that is publicly available.
Ethical hacking
This is carried out with the permission of the system owner to cover all computer attack techniques. An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers. This information is then used by the system owner to improve system security.
Penetration testing
This is a subset of ethical hacking that deals with the process of testing a computer system, or network, to find vulnerabilities an attacker could exploit. The tests can be automated with software applications or they can be performed manually.
Penetration testing strategies include:
Targeted testing – testing carried out by the organisation's ITC team and the penetration testing team working together
External testing, to find out if an outside attacker can get in and how far they can go once they have gained access
Internal testing, to estimate how much damage a dissatisfied employee could cause
Blind testing, to simulate the actions and procedures of a real attacker by severely limiting the information given to the team performing the test.