Quality Testing

Quality is delighting customers

What is Penetration Testing?

Views: 522

Reply to This

Replies to This Discussion

Testing method which evaluates the security of a computer system or network by simulating an attack from a malicious source. Usually they are conductedby specialized penetration testing companies.

Hope it helps.
Regards, Ronak Shah (http://www.techgig.com/QAExpert), Practice Head - Software Testing (QA), CIGNEX Datamatics
---- Email: current organization: ronak.shah@cignex.com
---- Email: Personal: ronak.quality@yahoo.com

Here is an answer to your query. Please check this link - http://vera.cd/1N8fq0L

A penetration test(Pen Test) helps to determine that whether a system under test is vulnerable to attack. Outcome of test will let the team know if the defenses were enough, and which area (if any) the test defeated. Penetration testing includes network penetration testing and application security testing from inter and outside network.

Penetration testing for an application cover following: -

- Cross-site Scripting
- SQL Injection
- Cross-site Request Forgery
- HTTP Response Splitting

If you don't have expertise on Penetration testing then you can consult any software testing company for the same.
For more details please visit following link to get more details:

Penetration testing is a sort of security testing used to test the shaky territories of the system or application. The objective of this testing is to discover all security vulnerabilities that are available in the system being tested. Vulnerability is the danger that an attacker can upset or increase approved access to the system or any information contained inside it.

Why penetration testing is essential ?

  • Finance related segments like Banks, Investment Banking , Stock Trading Exchanges need their data to be secured , and penetration testing is vital to guarantee security.

  • On the off chance that if the product/application system is as of now hacked and organization needs to figure out if any dangers are still present in the system to maintain a strategic distance from future hacks.

  • Types of penetration testing:

    The sort of penetration test chose for the most part relies on the degree and whether the company needs to mimic an attack by an employee, Network Admin (Internal Sources) or by External Sources .There are three sorts of Penetration testing and they are

    • White box penetration testing

    • Black box testing

    • Grey Box Penetration Testing

An effective penetration test will usually involve a skilled hacker, or team of hackers. You purposefully ensure that the hacker(s) don't have access to any source code, and ask them to try to gain access to your systems. Penetration tests can be carried out on IP address ranges, individual applications, or even as little information as a company name. The level of access you give an attacker depends on what you are trying to test.

The type of penetration test selected usually depends on the scope and whether the organization wants to simulate an attack by an employee, Network Admin (Internal Sources) or by External Sources. There are three types of Penetration testing and they are

  • Black Box Testing
  • White Box Penetration testing
  • Grey Box Penetration Testing


Software testing services

Penetration testing is a type of Security Testing used to test the insecure areas of the system or application. The goal of this testing is to find all security vulnerabilities that are present in the system being tested. Vulnerability is the risk that an attacker can disrupt or gain authorized access to the system or any data contained within it. It is also called pen testing or pen test.

Vulnerabilities are usually introduced by accident during software development and implementation phase. Common vulnerabilities include design errors, configuration errors, software bugs etc.

A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source.


Penetration testing is the way of improving & determining the security of an enclave. The enclave can be physical (e.g. a data center), logical (e.g. a n/w), or a combination. What the penetration test includes depends greatly on the purpose and scope of the test, as agreed upon by the customer and the testing team.

Some of the activities that can be part of a penetration test include:

Intelligence gathering (Google, Facebook, LinkedIn, etc)
Network scanning
Network penetration, a.k.a. "hacking"
Data exfiltration
Dumpster diving
Social engineering

Penetration testing is a hot buzzword at the moment, and there is currently far more demand for penetration testing than there are qualified and responsible teams. It is important for a customer to have a firm grasp of what the intended purpose of the test is, and to have a comprehensive set of ground rules signed by all concerned parties: data owners, testers, and administrators/responders. The ground rules should include off-limits addresses and methods, ways of deconflicting real-world events from the tester's actions, non-disclosure agreements on both sides, and a clearly-defined time limit on the test.




TTWT Magazine





© 2020   Created by Quality Testing.   Powered by

Badges  |  Report an Issue  |  Terms of Service