When you want to ensure absolute security of something, the first thing you do is test its endurance. This helps you figure out how secure the system currently is and what you need to do to enhance its security. Today, we are gonna talk about something that evaluates the security of your server or network. Known as penetration testing, this method finds out how sturdy the system is by simulating threats and attacks.
The MSDN library defines penetration testing as “a test method in which the security of a computer program or network is subjected to deliberate simulated attack.”
Before I go into explaining what penetration testing is, let me introduce you to two terms: black hat hackers and white hat hackers. Black hat hackers are the ones who access your system without authorization. They have malicious intent. White hat hackers, on the other hand, are what you call ethical hackers. They hack systems to find out their vulnerabilities.
Now, penetration testing is carried out by white hat hackers, who stage a hack just like one from a black hat hacker. This testing strives to find the vulnerabilities and loopholes in the system that may let malicious threats through.
Based on how much a potential hacker may know about the system, penetration testing is classified into the following categories:
- Black box testing – This is carried out assuming the hacker knows nothing about the system.
- White box testing – This is carried out assuming the hacker is an insider with a considerable amount of information about the system.
- Gray box testing – This is carried out for varying degrees of information that a hacker may have about the system. Gray box testing methods fall between the two extremes of black box testing and white box testing.
We will talk more on server security methods in the posts to come.