Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • The process involved in Penetration Testing

    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 468
    Comment on it

    The process involved in penetration testing are following:-

    • Discovering a combination of legal/official functioning that will let the tester carry out an unofficial function.
    • SQL commands
    • Unchanged salts in source-visible projects
    • Human connection, using old hash/crypto function.

    Fuzzing is a technique used to discover vulnerabilities. Under this approach we need to get an uncontrolled error through random input. Random input will allow the penetration tester to use less commonly used code paths. It is urgent because as we know well-written code paths would have commonly been free from buds. Errors can display information, such as HTTP server failure/collapse with full info trace-backs.

    Take for example a website having several text input boxes. A few of them would be vulnerable to SQL injections on certain strings. So if we verify these textboxes by offering random strings , probably it may hit the bugged code path. The error will appear as a broken HTML page, distorted because of SQL error.

    Software program have number of likely input streams including text boxes, RPC mode, the transmitted file stream, such as cookie/session data or the storage. In any of these input streams, errors can be shown.

    As a penetration tester, The main goal must be to catch an unexpected error, and then examine the nature of the defect. Then write an automated tool to test this until it is corrected. Package the illegal operation so that its execution will be triggered. The unofficial activity, also known as payloads can be:

    - Remote mouse controller
    - Webcam peeker
    - Ad popupper
    - Botnet drone
    - Password hash stealer

 0 Comment(s)

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: