The Testing For The Penetration Testing

1149 Words | Mar 24, 2017 | 5 Pages
The final step is cleanup: reverting any changes that were made to perform the penetration test, such as notifying the required parties that any accounts created specifically for the test can be disabled if no longer required, and any other housekeeping. There are various categories of penetration testing. The type described previously could be referred to as Gray Box penetration testing, where the organization performing the testing is provided some information about the systems in scope; it could be considered a simulation of an external attack. The others are Black Box and White Box penetration testing. A White Box test is one where the penetration tester has been provided with the whole range of…
An agent is available to run locally on systems for even more in-depth scans. Running a scan isn't very difficult. It is just a matter of accessing the Nessus web interface, selecting New Scan, entering a name, and choosing a target, which could be an entire network or a single host. The next decision is the type of scan, which could be predefined or custom, to look for particular vulnerabilities: for example, a Badlock Detection scan, which looks for a security issue with Samba; a Shellshock scan, which looks for vulnerabilities in old Linux or Mac machines; or a DROWN scan, which looks for computers hosting sites susceptible to DROWN attacks. Once the type of scan has been decided, save the scan. Scans can run on demand or on a schedule.

When the scan is complete, Nessus generates an online report of the results, which can also be exported in various formats. These reports are broken down into three sections: Host Summary, Vulnerabilities by Host and Vulnerabilities by Plugin. The Host Summary lists all the devices scanned by IP address. You can select an IP address from the list to see its scan results, which show the risk level associated with each scanner plugin. Nessus uses what they term plugins to check for vulnerabilities. Plugins are written in Nessus Attack Scripting Language (NASL), and contain vulnerability information, a generic set of remediation
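As an added example (not part of the original essay, and not Tenable's code), the Python below rebuilds the three report views described above from a scan exported in the `.nessus` XML format. The sample scan, host addresses, plugin IDs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in the .nessus (NessusClientData_v2) layout; hosts and plugin IDs are made up.
SAMPLE = """<NessusClientData_v2>
  <Report name="constructed-scan">
    <ReportHost name="192.0.2.10">
      <ReportItem port="445" protocol="tcp" severity="3" pluginID="900001" pluginName="Example SMB issue"/>
      <ReportItem port="443" protocol="tcp" severity="2" pluginID="900002" pluginName="Example TLS issue"/>
    </ReportHost>
    <ReportHost name="192.0.2.20">
      <ReportItem port="443" protocol="tcp" severity="2" pluginID="900002" pluginName="Example TLS issue"/>
      <ReportItem port="0" protocol="tcp" severity="0" pluginID="900003" pluginName="Example scan information"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""

def load_findings(xml_text):
    """Flatten every ReportItem into a dict that carries its host name."""
    root = ET.fromstring(xml_text)
    return [{"host": h.get("name"), "severity": int(i.get("severity", 0)),
             "plugin_id": i.get("pluginID"), "plugin_name": i.get("pluginName", "")}
            for h in root.iter("ReportHost") for i in h.iter("ReportItem")]

def host_summary(findings):
    """Host Summary view: per host, the number of findings at each risk level."""
    summary = defaultdict(Counter)
    for f in findings:
        summary[f["host"]][SEVERITY.get(f["severity"], "Unknown")] += 1
    return {host: dict(counts) for host, counts in summary.items()}

def vulnerabilities_by_host(findings):
    """Vulnerabilities by Host view: per host, findings with the highest risk first."""
    out = defaultdict(list)
    for f in sorted(findings, key=lambda f: -f["severity"]):
        out[f["host"]].append(f)
    return dict(out)

def vulnerabilities_by_plugin(findings):
    """Vulnerabilities by Plugin view: per plugin ID, the sorted list of affected hosts."""
    out = defaultdict(set)
    for f in findings:
        out[f["plugin_id"]].add(f["host"])
    return {plugin: sorted(hosts) for plugin, hosts in out.items()}
```

The by-plugin view is the one to start remediation from, since one fix often clears the same plugin finding across every listed host.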
