Commercial Penetration Testing Essay


Commercial penetration testing is the process of controlled security assessments or audits performed in such a manner as to reveal weaknesses and vulnerabilities. These processes help expose infrastructure weaknesses, which in turn allows a company to implement fixes for these security holes. While this process simulates real-world attacks, it is not a random brute-force undertaking. In commercial penetration testing there are standards and methodologies that provide a detailed roadmap of practical ideas and proven practices (Halfond, 2011).
Enterprise-level penetration testing is an endeavor usually performed by third-party consultants. Shifting this testing from internal to external staff gives a more accurate result, because internal stakeholders may have inside knowledge that an attacker will not have, or may omit some of the necessary testing out of overconfidence in the system or a desire to avoid finding weaknesses in something they had a direct hand in implementing. This is not to say that there is no place for internal testing during implementation and maintenance. The important thing to note is that penetration testing, a very aggressive form of testing performed by highly qualified individuals, is usually the last step in a security assessment plan.
"Although there are different types of penetration testing, the two most general approaches that are widely accepted by the industry are Black-Box and White-Box" (Ali, Heriyanto, 2011). Black-box penetration testing is defined as external testing performed remotely by testers who have no inside knowledge of the infrastructure being tested. This testing employs many of the tools a real outside threat would employ to compromise an enterprise-level business. During this testing it is likely that known vulnerabilities will be exposed, and there is also a good chance that unknown vulnerabilities will be revealed. It is up to the black-hat auditor to identify, list and categorize each vulnerability. Each risk is rated low, medium or high according to the severity of the threat and the possible financial loss. The black-hat auditor then produces a report outlining all of this information for the business (Ali, Heriyanto, 2011).
In contrast to black-box testing, white-box testing is done internally. While the auditor may still be a third party, they are given explicit information about the underlying technologies of the business's target environment. This allows the auditor to focus on compromising known systems, as opposed to black-box testing, which throws every tool at the process. "The number of steps involved in white-box testing is a bit more similar to that of black-box, except the use of the target scoping, information gathering, and identification phases can be excluded" (Ali, Heriyanto, 2011). With this more refined,...
