Wednesday, June 29, 2011

Penetration Testing: Tips For Successful Test

Penetration testing is growing field and most of the companies hire ethical hackers to perform a quick pen test on their network to evaluate the security of the network. If you are expert in penetration testing or if you are a student of this field, in both cases you must follow some rules (tips) to perform a effective penetration testing.
We have discussed so many pen testing tools before so this article will not introduce you to tool but some tips surely.

First of all make sure that the test you are going to do is not conflict with the laws of local government, you must have an idea about cyber laws and crimes that you will surely learn by your experiences and through your academic career.


Below are some tips to perform a successful penetration testing, I have written this tips with my best experience and knowledge, it is possible that you are not agree with me, so do share your tips via comment.

Tips For Ethical Hacking Process

* You must put yourself on save side, so make proper documentation before going to perform a test, your document must contain a written permission to perform the test, keep in mind you will test the system and network as a hacker view.

* Planning is a good habit, so set your goals to achieve by this test, make a proper plane to do the job.

* Inform client (higher authorities) about your plane and discuss your plane with them.

* Choose the right tools for the right job, try to use the latest and best tools.

* Try to think like an attacker (hacker), try your best knowledge and skills and must consider all the attacking vectors.

* Choose the right time for the job.

* Do not try to exploit the system and network without the permission of client.

* Show the vulnerabilities to the higher authorities (client), and suggest some countermeasure.

* Make proper documentation to all your steps to avoid yourself from trouble.

* Right a proper report in very professional manner.

* By using your report show your client about the importance of penetration testing, let them know about the vulnerabilities and the risk.

Penetration testing VS Vulnerability Assessment

No comments: