Identifying vulnerabilities

Cards (4)

  • Footprinting
    It involves gathering all available information about the computer system or network and the devices that are attached to it. Footprinting should enable a penetration tester to discover how much detail a potential attacker could find out about a system and allow an organisation to limit the technical information about its systems that is publicly available.
  • Ethical hacking
    This is carried out with the permission of the system owner to cover all computer attack techniques. An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers. This information is then used by the system owner to improve system security.
  • Penetration testing
    This is a subset of ethical hacking that deals with the process of testing a computer system, or network, to find vulnerabilities an attacker could exploit. The tests can be automated with software applications or they can be performed manually.
  • Penetration testing strategies include:

    • Targeted testing, testing carried out by the organisation's ITC team and the penetration testing team working together
    • External testing, to find out if an outside attacker can get in and how far they can go once they have gained access
    • Internal testing, to estimate how much damage a dissatisfied employee could cause
    • Blind testing, to simulate the actions and procedures of a real attacker by severely limiting the information given to the team performing the test.