What is pentesting, or a penetration test?
posted in Community by
defamireck
What is pentesting?
Essentially, pentesting is a test of a computer device to detect potential vulnerabilities or weaknesses. It simulates attacks with the various tools commonly used by hackers to access a computer. However, pentesting will never actually infect the devices, so it is harmless. It will only let you know what your vulnerabilities are so that they can be addressed and protected from potential hacking.
How is pentesting done?
There are several ways to do it, according to https://ip-locations.org/. One of the main ways to classify pentests is by how much prior knowledge you have of the equipment to be tested. White box pentests have all the information about the computer, operating system, architecture, etc. in advance, while black box pentests start off blind to better simulate the information that an outside hacker is capable of obtaining.
What methods are there for pentesting?
There are numerous methods and tools, but generally it is always advisable to be guided by the pentester who will perform the test. Some of the most common methods are:
PTES and OWASP
These are two of the first standards in pentesting and have been around for many years offering great results, making them among the first tools taught in reference manuals.
OSSTMM
More oriented to companies, OSSTMM has also established itself as one of the most important and useful tools in the field of pentesting, reaching almost the level of PTES and OWASP.
PCI
Dedicated specifically to the protection of credit card information, this system was developed by ISSAF and is the main tool when checking the security of equipment working with credit or debit card information.
Why perform pentesting?
There are many reasons. Whether it is personal or business computers, pentesting will allow you to know first-hand the vulnerabilities that are present so that they can be fixed before they are exploited by a hacker or a malware infection. The risks to which you are exposed if you do not do so are:
Loss of personal data
Your first and last name, ID number, latest payslips, credit and debit card numbers, email passwords and much more personal information are stored on your computer, your phone and many other devices. The theft of this data can make you a victim of extortion or even lead to serious financial losses through your cards.
Loss of access to your devices
If a computer is vulnerable, it can fall victim to a ransomware attack that will encrypt the files and render them unusable until a ransom is paid to the hacker who is holding them. In many cases the ransom demanded is so high that it is impossible to pay it, so after a certain number of days the files are destroyed, which can lead to serious financial losses for individuals and businesses.
Infection by various types of malware
Once your computer has been infected with certain types of malware, the hacker's next step is likely to infect all devices related to your computer - not just those at home or work, but those on your contact list or those of people you've exchanged email with in recent months. This can harm your computers and damage their image of you, or it can even affect the computers of the company where you work and destroy your paychecks, accounts and many other essential work data.
3 years, 12 months ago