Penetration test

A penetration test is a way to detect security vulnerabilities in a software system through various methods (including software attacks), and to gain access permissions or data of the software system through those vulnerabilities.

The target of a penetration test may be a white-box system (with background details of the system known) or a black-box system (with background information of the system unknown). The test helps to determine whether the system contains an attackable security vulnerability, and so to estimate whether the system is strong enough to resist various attacks.

Penetration testing is mainly performed manually, and the test quality depends mainly on the experience of the testing personnel. Therefore, penetration tests are usually conducted by experienced professional security testers, who can tackle difficult problems and achieve the desired test result.

The goals of penetration tests are:

  1. Determine feasibility of a particular set of attack vectors
  2. Identify high-risk vulnerabilities from a combination of lower-risk vulnerabilities exploited in a particular sequence
  3. Identify vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
  4. Assess the magnitude of potential business and operational impacts of successful attacks
  5. Test the ability of network defenders to detect and respond to attacks
  6. Provide evidence to support increased investments in security personnel and technology

Although penetration testing is mainly performed manually, many security tools are available as aids to improve efficiency.

Some auxiliary tools: