Meet the Pentest
8/22/2022
Hello everyone 🖖
Today we are beginning to dive into the fascinating world of information security, or more precisely, into one of its significant subsections - penetration testing.
What is Penetration Testing (Pentest)?
An enterprise's corporate network can be divided into an external network, which unites various servers and other remote devices, and an internal network (local area network), which unites the enterprise devices located within the office. Each of these devices performs some function: for example, a server for a corporate website, a data warehouse or an employee's work computer.
Both operating systems and programs may have weaknesses. If these weaknesses are exploited correctly, it is possible to gain control of the device(s) and then use certain methods to take over the entire corporate network. Accordingly, a pentest can be divided into external and internal. We will talk about this in more detail in the section "Main stages of testing".
Thus, a pentest is a simulation of a hacker attack, which is aimed at finding and compromising vulnerable devices in the external and internal network of an enterprise, or in the global Internet as a whole, in order to steal data or take the device out of working condition.
Testing methodology
"White box" methods. In this group of tests, the tester knows the system being tested well and has full access to all its components. The testers work with the client and have access to private information, servers, running software, network diagrams, and sometimes even credentials. This type of testing is usually carried out to test new applications before they are put into operation, as well as to check the system regularly as part of its life cycle, the Systems Development Life Cycle (SDLC). Such measures make it possible to identify and eliminate vulnerabilities before they can get into the system and harm it.
"Black box" methods. This group of tests is applicable when the tester does not know anything about the system under test. This type of testing is the most similar to a real attack. The tester must obtain all the information by creatively applying the methods and tools at his disposal, but without going beyond the agreement concluded with the client. This method also has its drawbacks: although it simulates a real attack on a system or applications, a tester who relies on it alone may miss some vulnerabilities. It is also a very expensive test, since it takes a lot of time: the tester studies all possible directions of attack and only after that reports the results. In addition, the tester must be very careful not to damage the system being tested or cause a failure.
"Gray box" methods. This test takes into account all the advantages and disadvantages of the first two. In this case, the tester has only limited information, enough to allow an external attack on the system. Such tests are usually performed with a limited scope, when the tester knows a little about the system. An example of such information is a range of IP addresses that need to be checked for vulnerabilities.
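One way to keep testing inside the agreement with the client when the tester is handed IP ranges, as in the gray box case above. This is an added example, not part of the original article; the CIDR ranges (documentation-only addresses), the exclusion list and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample scope, as it might be written into an engagement agreement.
# RFC 5737 documentation ranges are used on purpose; they are not real targets.
IN_SCOPE = ["192.0.2.0/24", "198.51.100.16/28"]
EXCLUDED = ["192.0.2.200/29"]  # hosts the client explicitly ruled out


def parse_networks(cidrs):
    """Turn CIDR strings into network objects; strict=True rejects entries
    with host bits set, which usually indicates a typo in the scope document."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def classify_target(target, in_scope, excluded):
    """Return 'in-scope', 'excluded', 'out-of-scope' or 'invalid' for one address."""
    try:
        addr = ipaddress.ip_address(target.strip())
    except ValueError:
        return "invalid"
    # Exclusions are checked first so they always override an enclosing range.
    if any(addr in net for net in excluded):
        return "excluded"
    if any(addr in net for net in in_scope):
        return "in-scope"
    return "out-of-scope"


def filter_targets(targets, in_scope_cidrs=IN_SCOPE, excluded_cidrs=EXCLUDED):
    """Group candidate targets by verdict so that only 'in-scope' ones are tested."""
    in_scope = parse_networks(in_scope_cidrs)
    excluded = parse_networks(excluded_cidrs)
    result = {"in-scope": [], "excluded": [], "out-of-scope": [], "invalid": []}
    for t in targets:
        result[classify_target(t, in_scope, excluded)].append(t)
    return result


if __name__ == "__main__":
    # Constructed candidate list, e.g. collected during reconnaissance.
    sample = ["192.0.2.10", "192.0.2.201", "198.51.100.40", "203.0.113.5", "not-an-ip"]
    for verdict, hosts in filter_targets(sample).items():
        print(f"{verdict:13} {hosts}")
```

Anything that does not land in the in-scope group is reported back to the client rather than tested.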
Conclusion
Penetration testing is a very large and significant section of information security. It helps many companies around the world to reduce the risk of devices being compromised and to identify unscrupulous personnel. With each new article on this topic, we will dive deeper into the world of pentesting. In the next publication, we will consider, in general terms, what stages classical penetration testing consists of.