Monday, May 14, 2012

What is the concept of penetration testing tools?

We are all quite familiar with what a penetration test, or pen test, is. Every kind of software testing technique makes use of certain tools, and so does penetration testing.
This article focuses on the tools meant for carrying out penetration testing. Before moving on to the tools, let us brush up on some concepts of penetration testing.

About Penetration Testing

- Penetration testing gives a measure of the security of a software system, application, or computer network.
- This is done by simulating the attacks that malicious outside attackers would carry out.
- The attacker can also be an insider. 
- Attackers are classified into outsiders and insiders on the basis of their access to the software system or application.
- Attackers who have no authorized access to the system are called outsiders, and those who have any extent of authorized access to the system are called insiders.
- The first step in a penetration test is identifying the potential vulnerabilities of the system by carrying out an active analysis.
- These vulnerabilities may be a consequence of improper configuration of the software system, or they may occur because of flaws in the hardware and software components of the system.
- Some of the technical countermeasures may also revoke these vulnerabilities.
- The penetration test is performed in the way that a potential attacker might follow to attack the system.
- After these vulnerabilities are identified, they are brought to the notice of the owner of the system.
- These potential vulnerabilities are then coupled with a proper assessment of their potential impact on the system as well as the organization, using several effective penetration tests.
- Some technical countermeasures are then designed to reduce their impact on the system.

Several reasons make penetration testing all the more valuable. Turning now to penetration testing tools: since there are many ways in which penetration testing can be carried out, there are several types of tools that can be employed for it.

Approach Used in Penetration Testing

- Depending on the amount of knowledge the tester has about the software system or application, either the black box approach or the white box approach is followed.
- If the tester has less knowledge of the system, he/she is likely to follow the black box approach.
- On the other hand, if he/she has an ample amount of knowledge, then the white box approach is used.
- The tools are chosen accordingly, i.e., black box testing tools for the black box approach and white box testing tools for the white box approach.
- The location and the extent of the system to be tested must be determined properly before the testing starts.
- For the white box approach, the tester needs to know about critical aspects such as the IP address of the system and the source code.
- If the amount of knowledge is intermediate between the amounts required for the black box and white box approaches, then the grey box testing approach can be used.
- This involves intermixing the white box and black box testing techniques.
- Both white box testing tools and black box testing tools can be employed here.
- All three approaches have their own merits and demerits, which are often debated.
- These tools are deployed to create a hostile environment for testing.

Types of Penetration Testing Tools

1. Port Scanners
2. Vulnerability Scanners
3. Application Scanners
4. Web Application Assessment Proxy

