Discuss How a Code of Ethics Is Applicable and Important to a Pentester
Penetration testing is the process of identifying security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The weak points of a system are exploited in this process through an authorized simulated attack. The purpose of this test is to secure important data from outsiders, such as hackers, who could gain unauthorized access to the system. Once a vulnerability is identified, it is used to exploit the system to gain access to sensitive information.
A penetration test is a sequence of actions to find and exploit security weaknesses in systems. It typically involves a group of people financed by the organization, together with the Department of Internal Audit or the IT department, to conduct the test. Penetration test team members attempt to exploit vulnerabilities in the organization's system security using the tools and techniques of penetration testing. The goal of the testing team is to find security weaknesses under controlled circumstances so that the vulnerabilities can be eliminated before unauthorised users exploit them. Penetration testing is an authorised action to counter the activities of hackers (unauthorised users).
A penetration test is a better way to find the security weaknesses that exist in a network or system. The results of a penetration test increase management's awareness and assist them in important decision-making processes. Management can find the security weaknesses in their systems by conducting a penetration test in their organization. The penetration test will differ depending on the organization, and its time frame will depend on the type of test. If a penetration test is conducted badly, it can have serious costs such as system crashes and congestion. The organization needs to give dynamic consent to the test while it is being conducted.
Penetration testing is one of the oldest network security techniques for evaluating the security of a network system. It was used by the Department of Defence in the early 1970s to determine the security weaknesses in computer systems and to initiate the development of programs to create more secure systems. Using penetration testing, an organization can fix its security weaknesses before they are exposed. Many companies use this method because penetration testing provides proper security information about the systems and services in the organization's network.
Organizations can reduce risk in their network systems by using penetration testing tools and techniques.
The penetration testing is expected to take 30 days, including the process of writing the report and making all the relevant communications to the client. The procedure for the testing involves diagnosing the systems and tools used for communication, interviewing the employees using these tools, and informing the client of the findings and necessary recommendations (Henry 97). The findings above leave Modern Retailers Supermarket very vulnerable to vicious attacks. The insufficient authentication needed for login means that anyone who can access the workstations can retrieve, manipulate, or even destroy information available in the firm’s database (Engebretson 42). This may lead to serious financial loss and damages. The problem with administrator username and login enumerations also makes it possible for cybercriminals to seize operations of the data system with ease (Mayne 86). A major problem identified during the test was the limited knowledge of the client’s employees on issues concerning the security of the systems they use. It was identified that most of the employees used their names and dates of birth as their passwords. Anyone can easily guess these simple facts and access information in their systems (Ballad, Ballad, and Banks 46). It was also observed that most of them knew nothing about security beyond using their weak passwords. They could not detect any breach of the system unless their data was tampered with or lost. The system used within the firm to report and address security breaches was poor.
All in all, good penetration testers are curious, smart, techy, creative, incisive, passionate, great communicators, have excellent attention to detail, and have good social engineering skills. If you’re looking to hire a penetration tester, then find someone who possesses these characteristics. For more than 15 years, – a team of leading IT security enthusiasts – have been at the forefront of providing outstanding penetration testing services in Sydney and around the world. The team has worked for some of the world’s biggest brands internationally, in a range of high-risk industries, including banking, finance, insurance, health, utilities, oil & gas, government and defence.
Ballad, Bill, Tricia Ballad, and Erin Banks. Access Control, Authentication, and Public Key Infrastructure. Sudbury: Jones & Bartlett Learning, 2011. Print.
Chaney, Moses, Ronald Cross, and Richard Demars. Strength Testing of Marine Sediments. Philadelphia: ASTM, 2009. Print.
Engebretson, Pat. The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy. New York: 2013. Print.
Henry, Kevin. Penetration Testing: Protecting Networks and Systems. Ely: IT Governance Publishers, 2012. Print.