Advanced Penetration Testing (Glossary)

  • Intrusive Vulnerability Scan: An intrusive scan tries to exploit a vulnerability. Intrusive scans are typically much more accurate than non-intrusive scans, but they can crash or alter the target.

  • Attack Surface: An attack surface is the total number of vulnerabilities that can be exploited to carry out an attack. Attack surfaces can be physical or digital.

  • Authenticated or Credentialed Vulnerability Scan: An authenticated or credentialed vulnerability scan is vulnerability testing performed as a logged-in (authenticated) user. A credentialed scan is a safer version of a non-authenticated scan, and it provides more detailed information.

  • Banner Grabbing: Banner grabbing is a technique used to capture the information provided by banners: configurable, text-based welcome screens from network hosts that display system information.

  • Black box test: In black-box testing, the penetration tester is placed in the role of the typical attacker, with no internal knowledge of the target system. Testers are not provided with any architecture diagrams or source code that is not publicly available. A black-box penetration test determines the vulnerabilities in a system that are exploitable from outside the network.

  • Common Vulnerabilities and Exposures (CVE): Common Vulnerabilities and Exposures (CVE) is a catalog of known security threats. The catalog is sponsored by the United States Department of Homeland Security (DHS), and the threats are divided into two categories: vulnerabilities and exposures.

  • Exposure: An exposure is an error in software code or configuration that provides an attacker with indirect access to a system or network. For instance, an exposure may allow an attacker to secretly gather customer information that could be sold.

  • Grey box test: In grey-box testing, the penetration tester has the access and knowledge levels of a user, likely with elevated privileges on a system. Testers typically have some knowledge of the network's internals, including design and architecture documentation, and an account internal to the network.

  • Hardening: Hardening is the process of securing a system by reducing its surface of vulnerability. The more functions a system performs, the larger its surface. Reducing the available ways of attack includes changing passwords, removing unnecessary software and logins, and disabling or removing unnecessary services.

  • Honeynet: A honeynet is a network built with calculated vulnerabilities. Its purpose is to invite attacks so that an attacker's activities and methods can be studied, and that information used to increase network security. A honeynet contains one or more honeypots. While the primary purpose of a honeynet is to gather information about attackers' methods and motives, the decoy network can also divert attackers from a real network and its resources.

  • Honeypot: A honeypot is a computer or computer system intended to mimic targets of cyberattacks. It can be used to detect attacks or deflect them from a legitimate target. It can also be used to gain information about how malicious actors operate.

  • Network scanner: A network scanner is a tool used to find and categorize devices running on a network. The user inputs a range of IP addresses into the tool, and the scanner determines whether an active device is present at each given IP address. One of the most famous network scanners is Nmap, the Network Mapper.

  • Non-Intrusive Vulnerability Scan: A non-intrusive scan tries not to cause any harm to the target; it checks the remote service version, whether vulnerable options are enabled, and other available information. A non-intrusive scan cannot determine for sure whether an installed service is vulnerable.

  • Penetration testing: Penetration testing is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. It can be automated with software applications or performed manually. The process involves analyzing and assessing the target, and reporting back the findings.

  • Port number: A port number is the logical address of each application or process that uses a network or the Internet to communicate.

  • Port scanner: A port scanner is used to determine which ports on a network are open. Using a port scanner on a network or server reveals which ports are open and listening (receiving information), and can also reveal the presence of security devices such as firewalls.

  • The Common Vulnerability Scoring System (CVSS): The Common Vulnerability Scoring System (CVSS) captures the basic characteristics of a vulnerability and produces a numerical score reflecting its severity. This score can be translated into a qualitative representation (such as low, medium, high, or critical) to help organizations assess and prioritize their vulnerability management processes.

  • Unauthenticated or Non-Credentialed Vulnerability Scan: An unauthenticated or non-credentialed vulnerability scan is vulnerability testing performed without using a credentialed user account.

  • Vulnerability: A vulnerability is a mistake in software code that provides an attacker with direct access to a system or network. For instance, a vulnerability may allow an attacker to pose as a system administrator who has full access privileges.

  • Vulnerability Assessment: A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications, and network infrastructures and providing the necessary knowledge, awareness, and risk background to the organization being examined.

  • Vulnerability Scan: A vulnerability scan is the inspection of potential points of exploit on a computer or network to identify possible vulnerabilities.

  • Vulnerability scanner: A vulnerability scanner detects and classifies system weaknesses in computers, networks, and communications equipment, and predicts the effectiveness of countermeasures. The software compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts, and attempts to exploit each vulnerability that is discovered.

  • White box test: White box testing, also known as clear-box, open-box, auxiliary and logic-driven testing, is a type of testing where testers are given full access to source code, architecture documentation, and other critical information. Given the amount of data available to identify potential points of weakness, it is the most time-consuming type of penetration testing.
