<BackMeet the Pentest8/22/2022
Hello everyone 🖖
Today we are beginning to dive into the fascinating world of information security, or more precisely, into one of its significant subsections - penetration testing.
What is Penetration Testing (Pentest)?
An enterprise's corporate network can be external, which unites various servers and other remote devices, and internal (local area network), which unites enterprise devices located within the office location into a network. Each of these devices performs some function, for example, a server for a corporate website, a data warehouse or an employee's work computer.
Both operating systems and programs may have weaknesses. If you put pressure on these weaknesses correctly, you can gain access to the management of the device(s), and then use certain methods to capture the entire corporate network. Thus, it is possible to divide the pentest into external and internal. We will talk about this in more detail in the section "Main stages of testing".
Thus, a pentest is a simulation of a hacker attack, which is aimed at finding and compromising vulnerable devices in the external and internal network of an enterprise, or in the global Internet as a whole, in order to steal data or take the device out of working condition.
White box methods. In this group of tests, the tester knows the system being tested well and has full access to all its components. The testers work with the client and have access to private information, servers, running software, network circuits, and sometimes even credentials. This type of testing is usually carried out to test new applications before they are put into operation, as well as to regularly check the system as part of its life cycle - Systems Development Life Cycle (SDLC). Such measures make it possible to identify and eliminate vulnerabilities earlier than they can get into the system and harm it.
"Black box" methods. This group of tests is applicable when the tester does not know anything about the system under test. This type of testing is most similar to real attacker attacks. The tester must obtain all the information by creatively applying the methods and tools at his disposal, but without going beyond the agreement concluded with the client. But this method also has its drawbacks: although it simulates a real attack on a system or applications, the tester, using only it, may miss some vulnerabilities. This is a very expensive test, since takes a lot of time. Performing it, the tester will study all possible directions of attack and only after that will report the results. In addition, in order not to damage the system being tested and not cause a failure, the tester must be very careful.
Methods of the "gray box". The test takes into account all the advantages and disadvantages of the first two tests. In this case, only limited information is available to the tester that allows an external attack on the system. Trials usually performed in a limited volume, when the tester knows a little about the system. An example of information is a range of IP addresses that need to be checked for vulnerability.
Penetration testing is a very large and significant section of information security. It helps many companies around the world to reduce the risks of compromising devices, to identify unscrupulous personnel. With each new article on this topic, we will dive deeper into the world of pentest. In the next publication, we will consider, in general terms, what stages classical penetration testing consists of.
About graphs, simply.12/18/2022
In this article, we will begin our acquaintance with graphs, get acquainted with the breadth-first search algorithm (BFS) and implement the graph in the Rust programming language.
What is the difference between outsourcing development and outstaffing an IT employee for development?10/17/2022
In this article we will understand what outsourcing and outstaff development are.
Reducing the implementation period of MVP12/8/2022
Let's figure out the timing of the implementation of the MVP.
Testing an MVP concept1/9/2023
We will figure out how not to waste the budget on MVP development in vain
Incorrect estimation of the cost of IT contractor services9/10/2022
Today we will talk about the incorrect assessment of the cost of developing IT solutions. This pain is one of the main ones for enterprises and startups, including IT contractors themselves.
Introduction to Design Patterns in Software Development10/3/2022
In this article, we will begin to dive into the world of optimizing application architecture using design patterns.
OSI Model Levels9/6/2022
In this article, we will take a closer look at each of the levels of the OSI model
Documenting code in the Rust programming language8/24/2022
In this article, we will look at how documentation takes place in Rust and consider a very useful opportunity - writing tests through documentation.
Introduction to the OSI model8/19/2022
In this article we begin to consider the fundamental model of network interaction - OSI
CSS animation ripple8/31/2022
A simple example of how to implement ripple animation using HTML and CSS
From concept to MVP11/18/2022
In this article, you will learn, by example, how to move from a concept to an MVP without unnecessary complications in the functionality of the product
Introduction to writing the terms of references1/31/2023
The Terms of Reference are an important part of the development process. In this article, we will begin to dive into this issue.
Introduction to software development10/10/2022
Today, most companies are faced with IT development and often do not get what they want. In this article, we begin to dive into the process of creating IT solutions.
From idea to concept10/27/2022
In this publication, we will talk about how the idea differs from the concept. Let's do this with an example of a specific goal
In this article, we will get acquainted with weighted graphs, Dijkstra's algorithm, and its implementation in the Rust programming language.
Why does a VPN business need?9/27/2022
In this article, we will look at how you can secure access to enterprise cloud resources using a VPN