Abstract

Vulnerability assessment (VA) represents a key element of an organization's information security program. A VA highlights an organization's security liabilities and helps asset owners, security managers, and business leaders determine information security risk. VAs only report vulnerabilities, though. They do not substantiate that vulnerabilities actually exist; penetration tests do that. This chapter assimilates the information on tools, methodologies, and concepts that go into VA and continues with penetration testing. Penetration testing is the process of evaluating the security posture of a computer system, network, or application (assets). The process involves analyzing assets for any weaknesses, configuration flaws, or vulnerabilities. The analysis is carried out from the perspective of a potential attacker and leverages exploitation of known and possibly unknown security vulnerabilities. There are two types of penetration tests: black box and white box tests. Black box testing assumes no prior knowledge of the environment to be tested, and the testers must first determine the location and extent of the assets before commencing their analysis. At the other end of the spectrum, white box testing provides the testers with complete knowledge of the environment to be tested, often including network diagrams, source code, and Internet Protocol (IP) addressing information.
