Relevance of Penetration Testing
Penetration testing is a type of security testing. It is mainly used to find all the vulnerability that are present in the system being tested. Vulnerabilities usually occurs during software development and implementation phase. Usually Vulnerabilities will be design errors, configuration errors, bugs etc.
Penetration testing are usually executed in financial sector. The financial sector like Banks, Stock Trading Exchanges wants their data to be secured. So testing will ensure the security. Penetration testing can also be done to ensure whether there exist any threat in already hacked software system.
Basically there are three types of Penetration testing.
- Black Box Testing
- White Box Penetration Testing
- Grey Box Penetration Testing
In black box testing, tester has no idea about the systems to test. Tester is responsible to collect information about the target network or system.
In a white-box penetration testing, the tester have complete information about the network or systems to test including the IP address, source code, OS etc. This could be considered as the start of an attack by any Internal sources (Employees of an Organization).
In a grey box penetration testing, tester has only partial knowledge of the system. He will be an external hacker who had access to an organization's network infrastructure documents.