Planning for Penetration Testing

Home  ›  Elearning  ›  Planning for Penetration Testing
Planning for Penetration Testing
June 23, 2020 No Comments Elearning, Online security admin

In the last episode, I described the need to test your systems to assess if it has any vulnerability, and then use the report to fix up and patch the crucial areas of importance.

Penetration testing is also referred to as ethical hacking. Though both refer to the same concept, there is a difference between the two. Penetration testing is performed on a specific information system or as a specific objective while ethical hacking has a more broad objective, which includes all other hacking methods, and other activities to combat and mitigate cyber-attack. You can consider penetration testing as a subset of ethical hacking techniques. It suffices to say that an ethical hacker needs to have a more comprehensive knowledge of the hacking methodologies than a penetration tester.

The decision to conduct penetration testing is an indication of the importance of risk management in any organization. It is a good professional practice to document security policies that outlines how penetration testing should be conducted and how it relates to different types of systems, such as servers, wen applications, laptops, desktops, tablets, smartphones, and numerous others.

Penetration testing should not be an ad-hoc activity. There are professional standards and regulatory requirements that must be considered. In the United States, there are regulations such as The Health Insurance Portability and Accountability Act (HIPAA), The Health Information Technology for Economic and Clinical Health Act (HITECH), The Payment Card Industry Data Security Standard (PCI DSS) and many others. In Canada, there is The Personal Information Protection and Electronic Documents Act (PIPEDA). In the European Union, there is The General Data Protection Regulation (GDPR). There are many more regulatory requirements to consider depending on your location. Whatever you do and wherever you reside, it is imperative that you plan for a penetration testing before you embark on it.

The penetration testing executing standards which can be located here, and the council of registered ethical security testing (CREST), which can be located here have very good resources to assist in planning for a penetration testing.

Tags
admin
Use Defensive Cybersecurity to Mitigate Cyber attack July 28, 2021
The Human Factor in a Ransomware Attack Part-2 June 17, 2021
Gathering Penetration Testing Intelligence from Network and Application Platform Configuration June 1, 2021
Security Implication of Web Frameworks May 18, 2021
How to use Comments and Metadata Information to Gather Intelligence for Penetration Testing May 11, 2021
How to Use Robots.txt File to Gather Intelligence for Penetration Testing April 27, 2021
Gathering Information for Penetration Testing Using Search Engines Discovery and OWASP ZAP April 20, 2021
Penetration Testing Information Gathering for Web Server Fingerprinting April 15, 2021
Approaches to Penetration Testing April 7, 2021
Tool Selection for Penetration Testing March 23, 2021

Leave a reply

Your email address will not be published. Required fields are marked *