An Overview of Penetration Testing

An Overview of Penetration Testing

Chiem Trieu Phong (Auckland University of Technology, Auckland, New Zealand) and Wei Qi Yan (Auckland University of Technology, Auckland, New Zealand)
Copyright: © 2014 |Pages: 25
DOI: 10.4018/ijdcf.2014100104
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Penetration testing is an effort to attack a system using similar techniques and tools adopted by real hackers. The ultimate goal of penetration testing is to call to light as many existing vulnerabilities as possible, then come up with practical solutions to remediate the problems; thus, enhance the system security as a whole. The paper introduces concepts and definitions related to penetration testing, together with different models and methodologies to conduct a penetration test. A wide range of penetration testing state-of-the-art, as well as related tools (both commercial and free open source available on the market) are also presented in relatively rich details.
Article Preview

1. Introduction

As pointed out by Fahmida (2011), despite the fact that cyber attacks and malwares have been rocketing in this century of information, many companies and organizations today are not proactively testing their infrastructure to identity security vulnerability. Once connected to the Internet, companies’ systems can be probed, scanned, and even attacked constantly with the proliferation of free hacking tools and inexpensive devices like key loggers and Radio Frequency scanners (Chan & Schaeffer, 2008, p.44-46). As a result, every organization needs to seriously protect their systems against unauthorized access.

According to most security professionals, companies should defend themselves against the threat environment with different security strategies, for instance, periodic audit to assess risks, and proactive penetration testing. Instead of waiting for attacks to occur, which is obviously unsafe, uncontrolled, and inefficient, entrepreneurs should examine their system regularly to reveal any flaw existing in the network or website that can be taken advantage of to compromise the whole system.

Similar to the well-known saying, “the best defense is a good offense”, “the best method to test security implementation is to try it out”, said Hare (2001, p. 569-595). In other words, the best way to determine how secure a system is to attempt to break into it. This is where the term penetration testing makes its appearance. The following section of this report introduce several definitions as well as concepts related to penetration testing, while section 3 covers different methodologies to perform a penetration test, together with various penetration testing models. Section 4 presents a wide range of penetration testing tools available (either free open source or commercial) for further reference. Finally, issues related to penetration testing are concluded in the last section.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 10: 4 Issues (2018): 1 Released, 3 Forthcoming
Volume 9: 4 Issues (2017)
Volume 8: 4 Issues (2016)
Volume 7: 4 Issues (2015)
Volume 6: 4 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing