Manual Penetration Test:-
It is very hard to discover entire vulnerabilities by applying automated tools.There are few vulnerabilities which can be determined by manual checks only. Penetration testers can accomplish more better attacks on software or applications according to their capabilities and intelligence of system being penetrated. One method of penetration testing like social engineering can be performed by only persons. The areas which are covered by manual checking are business logic, design as well as code verification.
Penetration Testing Process:-
What is the real procedure which are followed by the penetration testers or the test companies, will discuss here.The very first steps is to determining presence of vulnerabilities in the system. This is the primary and significant step of this process.
We can classify this procedure in the subsequent manners:-
- Data collection:- Different procedures are used to obtain target system data. Anyone can also utilize web page source code analysis approach to obtain additional information related the system,software or application and plugin editions. There are a lot of open tools and services are accessible in the market which can provide you intelligence like table names,database, versions of the database,software versions, hardware and different plugins of the third parties which are used in the target systems.
- Vulnerability Assessment:- This method is depend on the information composed in the prime step anyone can discover the weakness of security in the target system.This procedure benefits to penetration testers to start attacks applying determined entry points in the system.
- Actual Exploit:- This step is very critical. For this step needs exceptional abilities or talents and approaches to start attack on the object system. Skilled penetration testers can use their talents to start attack on the system.
- Result analysis and report preparation:- After accomplishment of penetration tests complete reports are arranged for taking corrective operations. All the verified vulnerabilities and approved corrective operations are mentioned in these reports. You can arranged vulnerability report format according to your company requirements. For exp these vulnerability report format may be like-XML, MS Word,HTML or PDF etc.
0 Comment(s)