Penetration Testing - ANSWER (Pentesting) involves simulating attacks to assess the risk associated with potential security breaches. Testers discover and, where possible, exploit vulnerabilities to assess what an attacker could gain after a successful exploit.
Zero-day - ANSWER A vulnerability for which the software publisher has not yet released a patch (typically because the publisher does not yet know of it), so every affected installation is exposed
Social-engineering - ANSWER In the context of information security, refers to the psychological manipulation of people into performing actions or divulging confidential information, for the purpose of information gathering, fraud, or system access. Ex. Phishing
Internal Penetration Test - ANSWER Simulates an insider: a malicious employee, or an attacker who has already breached the perimeter and has a foothold on the internal network
External Penetration Test - ANSWER Simulates an attack via the Internet against the client's externally reachable systems
Pre-engagement Phase - ANSWER Pentesting begins with this; it involves talking to the client about their goals for the pentest, mapping out the scope (the extent and parameters of the test, i.e. which systems may be tested and which may not) and so on.
Information-gathering Phase - ANSWER The pentester searches for publicly available information about the client and identifies potential ways to connect to its systems
Threat-modeling Phase - ANSWER The tester uses information from the previous phase to determine the value of each finding and the impact to the client if the finding permitted an attacker to break into a system. This allows the tester to develop an action plan and choose methods of attack.
Vulnerability Modeling - ANSWER (Also called vulnerability analysis.) Done before attacking systems; attempts to discover vulnerabilities in the target systems that can be taken advantage of in the exploitation phase
Post-exploitation Phase - ANSWER The result of exploitation is leveraged to find additional information, sensitive data, access to other systems and so on
Reporting Phase - ANSWER The pentester summarizes the findings for both the executives and technical practitioners
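The scope agreed in the pre-engagement phase has to be enforced against everything the information-gathering phase turns up before any vulnerability analysis or exploitation starts. The following is an added example (not from the original flashcards) of such a scope gate: the Scope class, the triage function, and every network, host and domain in it are constructed sample data using reserved documentation ranges and the .test TLD.

```python
# Added example, not from the original flashcards: a scope gate that sits between the
# pre-engagement phase (the agreed rules of engagement) and the information-gathering
# phase (hosts the tester discovers). Every network, host and domain below is
# constructed sample data using reserved documentation ranges and the .test TLD.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Scope:
    """Rules of engagement as agreed with the client (hypothetical sample)."""
    in_scope_networks: list                 # CIDR strings, e.g. "203.0.113.0/24"
    in_scope_domains: list                  # exact names or "*.example.test" wildcards
    excluded_hosts: list = field(default_factory=list)  # IPs, CIDRs or hostnames never to touch

    def host_in_scope(self, target):
        """True only if target (IP or hostname) matches a scope rule and is not excluded.
        Anything the rules do not explicitly cover is out of scope by default."""
        name = target.strip().lower().rstrip(".")
        try:
            ip = ipaddress.ip_address(name)
        except ValueError:
            return self._domain_in_scope(name)
        return self._ip_in_scope(ip)

    def _ip_in_scope(self, ip):
        # Exclusions win over inclusions: check the do-not-touch list first.
        for entry in self.excluded_hosts:
            try:
                if ip in ipaddress.ip_network(entry, strict=False):
                    return False
            except ValueError:
                continue  # entry is a hostname, irrelevant for an IP target
        return any(ip in ipaddress.ip_network(n, strict=False)
                   for n in self.in_scope_networks)

    def _domain_in_scope(self, name):
        if name in (h.lower() for h in self.excluded_hosts):
            return False
        for rule in self.in_scope_domains:
            rule = rule.lower()
            if rule.startswith("*."):
                # Wildcard covers subdomains only; the apex must be listed explicitly.
                if name.endswith(rule[1:]):
                    return True
            elif name == rule:
                return True
        return False


def triage(scope, discovered):
    """Split discovered targets into (in_scope, out_of_scope), preserving order."""
    in_scope = [t for t in discovered if scope.host_in_scope(t)]
    out_of_scope = [t for t in discovered if not scope.host_in_scope(t)]
    return in_scope, out_of_scope


# Constructed sample rules of engagement (hypothetical client).
SAMPLE_SCOPE = Scope(
    in_scope_networks=["203.0.113.0/24", "198.51.100.0/28"],
    in_scope_domains=["*.example.test", "corp-mail.example.org"],
    excluded_hosts=["203.0.113.5", "198.51.100.0/30", "hr.example.test"],
)

# Constructed sample of what information gathering might turn up.
DISCOVERED = [
    "203.0.113.10", "203.0.113.5", "198.51.100.2", "198.51.100.9",
    "www.example.test", "hr.example.test", "example.test",
    "corp-mail.example.org", "192.0.2.7",
]

if __name__ == "__main__":
    allowed, blocked = triage(SAMPLE_SCOPE, DISCOVERED)
    print("in scope:    ", allowed)
    print("out of scope:", blocked)
```

Two design choices matter here: exclusions are checked before inclusions, so a do-not-touch host inside an in-scope range stays blocked, and anything the rules do not name is out of scope by default, which is the safe failure mode when a tester finds a host the client never mentioned.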
Proprietary software - ANSWER Closed-source software: software licensed under the exclusive legal right of the copyright holder, with the intent that the licensee is given the right to use the software only under certain conditions and