reed book: Building Virtual Pentesting Labs for Advanced Penetration Testing


Introducing Penetration Testing
In this chapter, we will discuss the role that pen testing plays in the professional security testing
framework. We will discuss the following topics:
Define security testing
An abstract security testing methodology
Myths and misconceptions about pen testing
If you have been doing penetration testing for some time and are very familiar with the methodology
and concept of professional security testing, you can skip this chapter, or just skim it, but you might
learn something new or at least a different approach to penetration testing. We will establish some
fundamental concepts in this chapter.
Security testing
If you ask 10 consultants to define what security testing is today, you are more than likely to get a
variety of responses. If we refer to Wikipedia, their definition states:
"Security testing is a process to determine that an information system protects and maintains
functionality as intended."
In my opinion, this is the most important aspect of penetration testing. Security is a process and not a
product. I would also like to add that it is a methodology and not a product.
Another component to add to our discussion is the point that security testing takes into account the
main areas of a security model; a sample of this is as follows:
Authentication
Authorization
Confidentiality
Integrity
Availability
Non-repudiation
Each one of these components has to be considered when an organization is in the process of securing
their environment. Each one of these areas in itself has many subareas that also have to be considered
when it comes to building a secure architecture. The takeaway is that when we are testing security,
we have to address each of these areas.


Copyright © reed book Urang-kurai