Research Paper: Penetration Testing
University of the Cumberlands
Emerging Threats & Countermeasure (ITS-834-A01)
Introduction
A penetration test is essential in many ways. In most organizations, it is mainly used to
enhance the management system. It provides information about the security issues found
in an organization (Chapple et al., 2013). Penetration tests can also categorize the resulting
vulnerabilities based on the degree of occurrence. They can also be used to avoid fines, as they
keep the firm updated and compliant with the auditing system. They also enhance protection from
financial damages (Meigh, 2017) and protect customers from breaches. From the
information above, it is clear that penetration tests play a significant role, especially in
enhancing security. This paper will define penetration testing, discuss the steps followed in
penetration testing, and lastly, the methods used in penetration testing.
Penetration Testing
Penetration testing is also called a pen test. It is a form of ethical hacking: a simulated
cyberattack against computer systems to determine the exploitable vulnerabilities. Penetration
testing mainly involves attempted attacks on various application systems, such as servers
and application protocol interfaces, with the objective of uncovering vulnerabilities. A
penetration test can also be described as a process of determining security vulnerabilities in a
given application by evaluating the network with different malicious techniques (Chapple et al.,
2013). In the process, the weak points can be exploited with the help of an authorized simulated
attack.
Penetration testing is done to test and enhance the security of sensitive
data. It protects systems from unauthorized access. The individual taking part in penetration
testing is referred to as a penetration tester. With the results acquired in penetration testing, one
can tell whether the present defensive measures employed on the system are robust enough to
prevent attacks (Mainka et al., 2018). Penetration test reports can also be used to determine some
of the security measures that can reduce the number of risks to an acceptable level or eliminate
them.
Vulnerabilities can arise in several ways. One of the causes of
vulnerabilities is design and development errors. Errors may occur in the
design of the hardware and software. Another cause is poor system configuration. Loopholes
can be introduced if, by chance, systems are poorly configured. Attackers will use such loopholes to
access the system and eventually compromise the information. Human error and poor
connective.
Stages of Penetration Testing
Penetration testing comprises five major phases: planning and reconnaissance, scanning,
gaining access, maintaining access, and finally, analysis. Planning involves the definition of the
scope and goals to be achieved during the testing process. Those goals involve the systems that
should be addressed and the methods used in the testing process. It also involves gathering
intelligence for an effective understanding of how the target works.
The second step is scanning. This involves how the target application will be used in
different intrusion attempts. This activity is done with the use of static and dynamic analysis.
Static analysis involves inspection of the application code to approximate the way it behaves.
The tool will scan the whole code in a single pass. Dynamic analysis, on the other hand,
involves inspection of the application code while it is in a running state