Vulnerability Assessment & Penetration Testing
NETWORK - VULNERABILITY ASSESSMENT & PENETRATION TESTING
Penetration testing includes components of application vulnerability assessment, host vulnerability assessment, and security best practices. This type of test can be performed with or without detailed prior knowledge of the environment. When it is performed without prior knowledge additional steps will be taken to enumerate hosts and applications and to assess the ease with which any outsider could exploit publicly available information or social engineering to gain unauthorized access.
Host Based assessment and Penetration testing
Host based assessment deals with security of given workstation or server. Automated scanning tools are the primary mode of assessment. Additional hands-on inspection may also be necessary to assess conformance to security best practice.
In host based test the penetration tester(s) would act as a Sys Admin, and auditing the system and applications looking for: