Scribd
Upload
33 views1 page

Rapid7 Infographic What Is Penetration Testing

Penetration testing is the process of mimicking real-world attacks to identify security gaps in an organization's IT infrastructure. It acts as quality assurance for IT security by checking security controls and helping organizations meet compliance requirements. A typical penetration test involves discovering devices on a network, gaining access, collecting evidence, and taking control in order to simulate the actions of a real attacker.

Uploaded by

Myria Randriamalala
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
33 views1 page

Rapid7 Infographic What Is Penetration Testing

Penetration testing is the process of mimicking real-world attacks to identify security gaps in an organization's IT infrastructure. It acts as quality assurance for IT security by checking security controls and helping organizations meet compliance requirements. A typical penetration test involves discovering devices on a network, gaining access, collecting evidence, and taking control in order to simulate the actions of a real attacker.

Uploaded by

Myria Randriamalala
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

PENETRATION

TESTING?
Penetration testing is the process of identifying security gaps
in your IT infrastructure by mimicking real world attacks.
Think about it as quality assurance for your IT security.

WHY
PENETRATION Prevent
data braches
Check
security controls
Meet compliance
requirements

TESTING?
People conduct
penetration tests
for a number
of reasons: Get a baseline for Ensure security Assess incident
your security program of new applications detection and response
effectiveness

Every penetration tester has a slightly different method,


and assessments depend on the environment and goals.
That said, here are the stages of a typical security assessment:

Smart Bruteforcing

Automated Exploitation
DISCOVER DEVICES

Port Scan
Manual Exploitation
(Nmap)
GAIN ACCESS

Vulnerability Scan Social Engineering Campaign


(Rapid7 Nexpose)

Manually Add Device Web App Scanning & Exploitation


COLLECT EVIDENCE

TAKE CONTROL

Automated Evidence
Command Shell Session
Collection Modules

Live Reporting Meterpreter Session

Collect Credentials Manual Authentication

Collect Loot
(PII, PHI, IP, and Impersonate Administrator
card-holder data)

Proxy & VPN Pivoting

KEY CONSIDERATIONS FOR


YOUR NEXT PENETRATION TEST

Ask, “What is the most important digital asset


SET THE SCOPE my company needs to protect?” Then instruct the
penetration tester to try to access those systems.

Ensure that the person carrying out a penetration


CONDUCT THE TEST SAFELY test on your systems is qualified to do so.
Avoid issues with your production environment.

Do you have enough work to employ a penetration


tester full-time? You may want a truly independent
IN-HOUSE VS. OUTSOURCED assessment, which means enlisting an external
penetration tester with a fresh set of eyes.

Whether you’re hiring an internal penetration tester


SELECT THE RIGHT PERSON or a consultant, make sure they are well trained and
highly trustworthy.

FOR A MORE DETAILED GUIDE ON PENETRATION TESTING PRINCIPLES


AND BEST PRACTICES, DOWNLOAD THE WHITEPAPER:
www.rapid7.com/what-is-penetration-testing

You might also like