Designing A Successful Penetration Test

Part 1 - Planning Stage
Introduction
The purpose of this article is to put forward a precise approach to performing a successful penetration test by selecting the right tools and by developing a good assessment plan (ROE). This plan document covers the different types of penetration testing, different penetration testing techniques, a web application penetration testing methodology, and high-level tools and techniques for analysing the security of a particular web application. The reason for producing the plan document is to arrive at a robust security assessment plan.
The main objective of penetration testing is to secure an organisation's confidential data from outsiders such as black hat hackers or business …
There are three types of penetration test: 1. Black-box test. 2. White-box test. 3. Grey-box test. This gives an organization the flexibility to choose the one that best meets its requirements.
• Black-box test
 In this test the pentester has no prior knowledge of the target system. Extensive reconnaissance is needed because the organization does not provide the penetration tester with any information about the system to be tested; the penetration tester has to gather as much information as possible about the target system or network and then perform the test.
• White-box test
 In a white-box test the pentester has complete knowledge of the computer/network infrastructure; the organization provides the pen tester with full details of its IT infrastructure. It simulates what might happen during an "inside job" or after a "leak" of sensitive information.
• Grey-box test
 In this test the pentester has partial knowledge. The pentester has the level of authority of a user.

Document Scope:

The main purpose of this document is to explain in detail the various tools and techniques that will be used in executing the web penetration test. We will also look at the features and outcomes of each tool, and the vulnerabilities that each tool is able to find. Many different open source tools are listed in this document, which have the ability to perform different