Proposed Analytical Process/Methodological Approach.
Ethical considerations to undertake the pen testing.
It is almost impossible to pick up a newspaper or read your favourite online source today without coming across articles about theft or credit card numbers being stolen from unprotected databases. Cyber crime and the threat of computer attacks are increasing day by day, and the need for security professionals who understand attackers and how they attack networks is growing together with the threat. Government agencies and private organisations depend on "ethical hackers", also known as professional security testers, to put the network to the test and find vulnerabilities before attackers do. To become a security tester, one needs a thorough understanding of computers and of the basics of networks.
This paper discusses the analysis part of a pen testing engagement and the proposed methodology. It also discusses penetration testing and ethical hacking. These are proactive ways of testing web applications by attacking them in the same way as real attacks that could occur on any day. The attacks are executed in a very controlled manner; their objective is to find as many security flaws as possible and to give feedback on how to eliminate the risks these flaws create (Oriyano, 2016).
An agreement is part of the process: it needs to be drawn up between the organisation and the customer. The agreement sets out the scope and nature of the penetration testing that will be carried out, including all earmarks that must be recognised. Organisations have to take all the required steps to maintain the operational status of all confidential systems.
The following points play an important role and are included in the agreement:
Generally, pen testing is carried out in the organisation with the help of a software vendor, who performs certain activities (the vendor can mimic what a hacker would do) to find and eliminate the vulnerabilities of a specific computer system and network. The client's network and systems are only as safe as the least protected link, so it is vital to test a range of hardware and software. Hence, before testing begins, the organisation must also consider which applications and systems need to be tested, which access points need to be tested, and whether the organisation's touch points with third-party offerors need to be tested. The pen tester helps in detecting information such as the network architecture, systems and applications, and the profile of the company as well (Weidman, 2014).
The tester can uncover a range of vulnerabilities, from minor issues such as out-of-date program code and misconfigured servers to major issues such as compromised credentials and inadvertently exposed company gateways. These issues can leave confidential information open to attack.
The major aim of the tests is to control the issues and isolate them in a controlled manner.
Black box testing is recommended for the organisation. It does not require any prior knowledge of the systems under test, which is why it is recommended. This type of testing identifies the vulnerabilities in the organisation's applications and systems that can be attacked from an external network.
Black box testing is the more realistic form of testing, but it also needs more time and has great potential to overlook vulnerabilities that exist in the internal parts of the application, system or network. A real-life attacker has no time limit: the attacker can develop the attack plan over months and wait for the right time (Infosec, 2019).
There are six penetration testing methods that are helpful in achieving amazing results. The critical phases of penetration testing are given below:
The data protection policy applies to all information accessed or recovered while pen testing the network or system. All client information should be kept secret and secure until the final details are handed over to the customer. After the final report has been given to the client, all the stored data should be deleted from the computer and all other systems (Faily et al., 2019).
The pen testing should be carried out from a laptop or another professional computer system. The laptop acts as the host machine and runs Windows 10. Apart from software, the business will need hardware and a word list. The word list helps in cracking passwords. Which type of word list to use depends on the business.
The timeframe is an estimate only and varies from business to business. Different phases take different numbers of days.
This paper analyses the plan and outlines the methodology that the business will follow to carry out penetration testing on the organisation's systems.
7 penetration testing plan to achieve amazing results. (n.d.). Retrieved from https://cyberx.tech/penetration-testing-phases/. Accessed on 16th of Aug 2020.
Faily, S., McAlaney, J., & Iacob, C. (2019). Ethical Dilemmas and Dimensions in Penetration Testing. Retrieved from https://cybersecurity.bournemouth.ac.uk/wp-content/papercite-data/pdf/fami15.pdf. Accessed on 16th of Aug 2020.
Infosec. (2019). What are Black Box, Grey Box, and White Box Penetration Testing? Retrieved from https://resources.infosecinstitute.com/what-are-black-box-grey-box-and-white-box-penetration-testing/#gref. Accessed on 16th of Aug 2020.
Oriyano, S.-P. (2016). Certified Ethical Hacker: Version 9 Study Guide, [Version 9]. Retrieved from https://onlinelibrary-wiley-com.ezproxy.ecu.edu.au/doi/book/10.1002/9781119419303. Accessed on 16th of Aug 2020.
The Practical Testing Execution Standard. (2017). The Penetration Testing Execution Standard Documentation. Retrieved from https://buildmedia.readthedocs.org/media/pdf/pentest-standard/latest/pentest-standard.pdf. Accessed on 16th of Aug 2020.
University of Iowa. (2018). Penetration Testing Agreement. Retrieved from https://itsecurity.uiowa.edu/sites/itsecurity.uiowa.edu/files/wysiwyg_uploads/penetrationtestingagreement.pdf. Accessed on 16th of Aug 2020.
Velu, V. K., & Beggs, R. (2019). Mastering Kali Linux for Advanced Penetration Testing [3rd]. Retrieved from https://books.google.com.au/books?hl=en&lr=&id=kQGGDwAAQBAJ&oi=fnd&pg=PP1&dq=penetration+testing+methodology&ots=N-wLyV-azk&sig=ryaV7eKVg-lg9n6dc6bxR4HURK8&redir_esc=y#v=onepage&q=penetration%20testing%20methodology&f=false. Accessed on 16th of Aug 2020.
Weidman, G. (2014). Penetration Testing: A hands on introduction to hacking. Retrieved from https://ebookcentral.proquest.com/lib/ecu/reader.action?docID=1931614. Accessed on 16th of Aug 2020.