As the IT sector grows, security weaknesses and threats are increasing rapidly. To respond to these threats, enterprises and institutions perform Penetration Tests (PenTest) of their security organization as a method of upgrading their security. After the testing, a security vulnerability analysis is carried out to strengthen system security, because attack techniques are becoming more varied and sophisticated. A Penetration Test is an attempt to find the security weaknesses of a computer system by deliberately attacking the system, with legal authorization, so that the computer system can be managed more securely.
There are various methodologies and frameworks available now for penetration testing. Each has unique characteristics and takes a different approach to penetration testing. Some of the major frameworks in use now are compared and discussed below.
OSSTMM can be used for most of the inspection types like penetration testing, ethical hacking and vulnerability assessment.
It contains different penetration testing methodologies and different ways to improve the security and quality of the product (Herzog, 2003). There are 6 testing steps for OSSTMM: Information Security Testing, Process Security Testing, Internet Technology Security Testing, Communications Security Testing, Security Testing, and Physical Security Testing.
OWASP is a non-profit organization focused on improving software security. OWASP provides various tools, guides and testing methodologies for cyber security under open source licenses, in particular the OWASP Testing Guide (OTG) (Meucci, 2008). OTG is split into 3 primary sections, namely: the OWASP testing framework for web application development, the web application testing methodology, and reporting.
The OWASP framework consists of 5 phases: information gathering, configuration management testing, authentication testing, session management testing, and authorization testing.
ISSAF attempts to cover every possible domain of a penetration test from conception to completion. The three primary phases are planning and preparation, assessment, and reporting and clean-up. The testing is further divided into 9 steps: Information Gathering, Network Mapping, Vulnerability Identification, Penetration, Gaining Access and Privilege Escalation, Enumerating Further, Compromise Remote Users/Sites, Maintaining Access, Cover the Tracks.
PTES defines penetration testing as 7 phases. PTES includes pre-engagement interactions, intelligence gathering, threat modelling, vulnerability analysis, exploitation, post exploitation, and reporting.
PTES provides technical guidelines on what to test and how, the rationale for testing, and recommended testing tools and their usage.
Comparison:
As discussed above, each of the methodologies has different steps or phases of testing. PTES takes advantage of other resources by incorporating other frameworks within it; for example, OWASP is referenced and recommended for use when testing web applications. PTES attempts to create a standard for penetration tests whereby a security professional has a reference for what to expect, at a minimum, regarding penetration testing requirements. OSSTMM is suitable for a wide variety of assessments. OWASP has developed the testing framework for web applications.
The characteristics of PTES do not show enough properties for it to be considered either a methodology or a framework, because of insufficient documentation or loose structure when compared with the more developed frameworks reviewed. It should be noted that PTES can be further developed into a framework; therefore PTES is classified as a resource post-evaluation. Both OSSTMM and OWASP agree with their pre-evaluation classification, that is, their classification did not change post-evaluation. Viability is defined as how easily a framework can be understood, adapted, enhanced or changed.
Penetration Testing Methodologies
Features | Ease of use | Coverage | Technical level description | Scalability | Tools | Threat analysis | Project Management |
---|---|---|---|---|---|---|---|
OSSTMM | No | Yes | No | Partially | No | Partially | No |
OWASP | Yes | No | Yes | Yes | Yes | Partially | No |
ISSAF | No | Yes | Yes | Yes | Yes | Partially | Partially |
PTES | Yes | Yes | Yes | Partially | Yes | Yes | No |
The Standard Operating Procedure (SOP) of an organization exists to enable employees to complete their routine activities and to reduce the complexity of procedures. An SOP should ensure maximum effectiveness and security, with no vulnerabilities. An SOP for an organization is described below:
[Figure: Decision Making Tree for the penetration testing SOP. Node labels, in the order they survive on the page: Start; Checking Connection (PING), with YES / NO branches; Intelligence Gathering; Vulnerability Analysis; Mapping the network; Finding open port; Determining the network range; Scan the target; Open Greenbone security assistant; Installing, Configuring and Starting OpenVas; Exploitation; Find local / network vulnerabilities; OS specific vulnerability; Show options; Search for Exploits; Using Metasploitable; Installing and configuring Metasploitable; Set options; Open Sessions; Post Exploitation; Exploiting the target; Password Cracking; Reporting; Penetration Testing Report.]
Regular penetration testing will maintain a safe and secure system for the organization. There are several penetration testing methodologies available, but they cannot be generalized across problem domains. So it is important to apply a penetration testing methodology that is suitable for each organization and institution in order to achieve maximum efficiency. A successful penetration test cannot, on its own, do anything to improve the security system. Actions should be taken to resolve the vulnerabilities in the system to gain the maximum advantage.
The SOP of a PenTest should always be useful for any audit type. The SOP should deal with the threats and risks in security. A non-vulnerable system should be obtained after completing all the phases of the SOP. Every organization should follow an SOP for the safe handling of its data and information.
Comparative Analysis of Penetration Testing Methodologies and Standard Operating Procedures. (2024, Feb 19). Retrieved from https://studymoose.com/document/comparative-analysis-of-penetration-testing-methodologies-and-standard-operating-procedures