Module 1: Overview of Penetration Testing
WHAT IS PENETRATION?…PART 2
Let's revisit what we previously discussed. Penetration Testing is testing how strong the wall that secures the treasure is. Now what is the technical meaning of this term in the digital realm? Penetration Testing is a legal and proactive practice where the security of an infrastructure is safely penetrated and exploited so that its vulnerabilities can be found and then the issues can be fixed. To relate to it, you know those movies where an evil government-hired scientist spreads a disease among the people so that a cure can be found and they can be safe if such a disease ever strikes again? It's kinda like that, but in a good way. No one is actually getting hurt and the data can be fixed instantly by software engineers or network administrators.
NEED TO PENETRATE…….AND THEN TEST IT
1. Take this scenario:
“Sham works at a multinational organization, life is good, baby on the way and he is up for a promotion. As the most hardworking worker of the organization, his superiors adore him a lot too. One day, after patching up things at the office, he leaves for his home, happy as always, weather is awesome. Suddenly he gets a call from his employer that there is an emergency back at the office. He U-turns, gets back to the building and “BAAAAAMMM!!!” What he finds out is beyond imagination (the nightmare ones): somebody remotely breached the system and all the data is gone. All of Sham’s hard work has now gone to ashes. The company loses billions. They had to lay off some of their workers. And no matter how talented and hardworking Sham was, he was a victim of the layoff too. His life was turned upside down.”
That is our first need for penetration testers. Security breaches like this cause colossal financial losses, and any one of us could be the next Sham.
2. It is impossible to safeguard all the information at all times:
With each and every day new technologies are made, and new tech means new ways to mess with it, exploit it, put pigtails on it…..uh SO!! New technologies cause new vulnerabilities to emerge, and new vulnerabilities are like tasty, mouth-watering cuisines for hackers who just want to eat them. So Pen-Testers find these and then give tips to rectify them.
3. Pen-Testers show organizations what they are made of:
Pen-Testers help the organization to prioritize the security of its information. They analyze its ability to protect its data and its network, and then grade it accordingly. After the tests are done, they analyze how weak or strong the security of the organization is, whether some guy can mess with the system internally or not, whether some external threat is posed to the system or not and, if so, whether the endpoints of data access are secure, because these places are like the tip of a mountain with a really, really deep ditch on the side. Once something drops, it keeps going deep.
Why are companies in need of such services?
1. Good management of their vulnerabilities is very necessary. Their data is always at risk from easy money makers or corporate spies or anyone from a rat to a machine-gun-wielding titan (it's all metaphorical). Pen-testing helps the organization to prioritize the security of its resources, allocating the more fragile data to a safe place that is easily accessible but only by some trustworthy people.
2. When a breach happens…. money goes !POOF! faster than I finish boiled eggs, and I finish them really…really fast. Finding the vulnerable hole and plugging it helps to avoid these costs.
3. It helps create a good impression. The board that regulates the organization wants its product to be awesome and secure and a profit-churning machine…non-security can be a cause of a major fine to cover the losses to the board.
4. “THE PEOPLE NEED TO KNOW THAT THEIR MONEY IS SAFE”. Better security makes for a better image, and it makes for better PR, which in turn gets better profits.