Discuss How a Code of Ethics Is Applicable and Important to a Pentester
The weak points of a system are exploited in this process through an authorized simulated attack. The purpose of this test is to secure important data from outsiders like hackers who can have unauthorized access to the system. Once the vulnerability is identified it is used to exploit the system to gain access to sensitive information.
Penetration test team member attempts to accomplish vulnerabilities in the system security of the organization using tools and techniques of the penetration test. The goal of the testing tem is to find out security weaknesses under controlled circumstances to eliminate the vulnerabilities before unauthorised users can exploit them. Penetration testing is an authorised action to correct the hackers (unauthorised users) activities. Penetration test is a better way to find the security weaknesses that exist in a network or system. Penetration test result will increase the awareness of the management people and also it will assist them to take an important decision making processes. Management people can find their system security weaknesses conducting penetration test in their organization. Depending upon the organization penetration test will differ and time frame of the test will depend on the type of test. If the penetration test is conducted badly then this test have serious costs like system roaring and cramming. Organization needs to have dynamic consent on this test while conducting or performing. Penetration testing method is one of the oldest network security techniques for evaluating the securities of a network system. Penetration testing method used by Department of Defence in early 1970’s to determine the security weaknesses in computer system and to initiate the development of programs to create more secure system. Using penetration testing, organization can fix their security weaknesses before they get unprotected. Many companies are using this method because penetration testing will provide proper security information systems and services to the organization’s network systems. Organization can reduce risk in their network system using penetration testing tools and techniques.
The problem with administrator username and login enumerations also makes it possible for cybercriminals to seize operations of the data system with ease (Mayne 86). A major problem identified during the test was the limited knowledge of the client’s employees on issues concerning security of the systems they use. It was identified that most of the employees used their names and dates of birth as their passwords. Anyone can make a simple guess of these simple facts and access information in their systems (Ballad, Ballad, and Banks 46). It was also observed that most of them knew nothing about security beyond using their weak passwords. They could not detect any breach into the system unless their data was tampered with or lost. The system used within the firm to report and address security breaches in the firm was poor.
For more than 15 years, – a team of leading IT security enthusiasts – have been at the forefront of providing outstanding penetration testing services in Sydney and around the world. The team has worked for some of the world’s biggest brands internationally, in a range of high-risk industries, including banking, finance, insurance, health, utilities, oil & gas, government and defence.
Ballad, Bill, Tricia Ballad, and Erin Banks. Access Control, Authentication, and Public Key Infrastructure. Sudbury: Jones & Bartlett Learning, 2011. Print.
Chaney, Moses, Ronald Cross, and Richard Demars. Strength Testing of Marine Sediments. Philadelphia: ASTM, 2009. Print.
Engebretson, Pat. The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy. New York: 2013. Print.
Henry, Kevin. Penetration Testing: Protecting Networks and Systems. Ely: IT Governance Publishers, 2012. Print.