Scribd
Upload
18 views20 pages

Penetration Testing - Week 4

The document outlines the process and importance of penetration testing in identifying vulnerabilities in networks, applications, and servers. It details the four phases of penetration testing: reconnaissance, scanning, vulnerability testing, and reporting, along with the tools used and the estimated budget for the project. The results of the testing will be shared with senior management for further action and future reference.

Uploaded by

ganesh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
18 views20 pages

Penetration Testing - Week 4

The document outlines the process and importance of penetration testing in identifying vulnerabilities in networks, applications, and servers. It details the four phases of penetration testing: reconnaissance, scanning, vulnerability testing, and reporting, along with the tools used and the estimated budget for the project. The results of the testing will be shared with senior management for further action and future reference.

Uploaded by

ganesh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 20

PENETRATION

TESTING

Presented By:
Kavya Chevva
Wilmington University
INTRODUCTI
ON
Penetration testing - Used
to find Vulnerabilities in
network, application,
server etc.

Evaluates the severity of


a vulnerability.
WHY Now-a-days high profile security
breaches have become quite common
PENETRATIO in the present world.
N TESTING? New techniques being developed by
hackers.

Hence, penetration testing is essential


to test whether the hackers can get the
access of the systems belonged to the
company.
This penetration testing can be carried
out on networks, servers, applications
etc.
Reconnaissance
PENETRATIO and Information
Gathering
N TESTING
PHASES Scanning

Vulnerability
Testing and
Exploitation

Reporting
PHASE 1: Reconnaissance and Information
gathering is a process that collects as
RECONNAISSA much information as possible about a
NCE AND target without making a connection with
the target. This process can be carried
INFORMATION out by analyzing and reporting anything
that can be learned about the target.
GATHERING

This can be done through Website


browsing or via Google search.
Scanning is a way of
PHASE 2: discovering the existing
SCANNING networks which are owned
by the target and the
services running on the
target’s live hosts.

This can be done through


Nmap, DNS querying, route
tracing etc.
PHASE 3: This phase assists in finding
VULNERABILI and assessing the severity
TY TESTING of vulnerabilities and to see
if they are exploitable.
AND
EXPLOITATIO
N This can be done using
brute force, rootkits etc.
PHASE 4:
Reporting is nothing
REPORTING but to document the
findings from previous
three phases, i.e.,
Reconnaissance and
Information Gathering,
Scanning, Vulnerability
testing.
BACKGROU
ND Client - Telecommunications
INFORMATIO and network operator.
N

Concern - Sensitive
information - vulnerable and
exploitable by attackers.
Purpose –network servers -
secure enough to store the
data.
SCOPE OF WORK

Application-
Critical Layer and Authenticatio Social
Systems Network- n Engineering
Layer Testing
PLAN OF Active host identification

ACTION
Vulnerability Scanning

Sensitive data discovery

Mitigating the gaps


ACTIVE HOST
DNS Hostname
IDENTIFICATIO
Discovery
N
Social Media

Nmap, Ping,
Traceroute and
Superscan.
VULNERABILITY SCANNING

• Comprehensive port scanning


• Fingerprinting of services and applications
• Wireshark.
• SQLMap.
• Nmap.
TOOLS USED

• Metasploit
• Kali Linux
• Nmap
• Wireshark
• https://nvd.nist.gov/
• https://www.exploit-db.com/
DELIVERABLES
GANTT CHART

12/30 9/8 5/18 1/24 10/3 6/11 2/18 10/28 7/6 3/15

9/22
Reconnaissance and Information Gathering 9/24
2

9/25
Scanning 10/1
6

10/2
Vulnerability Testing and Exploitation 10/7
5

10/8
Reporting 10/10
2

Duration End Date Start Date


BUDGET

• Estimated cost of this


project is around $200,000
• If there are any failures
during this project, its
going to cost more.
CLOSING • Penetration testing is a process that involves
ACTIVITIES identifying and securing known vulnerabilities and
performing penetration tests. The results of these tests
will be forwarded to the senior management team.
• Every senior person in the organization is responsible
for the proper execution of the penetration testing
process. The results of the testing phases will be
shared with the senior management team.
• Post penetration testing, the data is stored with the
permission of the customer for future references.
REFERENCES • Ryan, C. (2015). Summarizing the five phases of
Penetration Testing. Retrieved from
https://www.cybrary.it/blog/2015/05/summarizin
g-the-five-phases-of-penetration-testing/
• Goran, J. (2019). 17 Best Security Penetration
Testing Tools The Pros Use. Retrieved from
https://phoenixnap.com/blog/best-penetration-t
esting-tools
• https://www.verizon.com/business/service_guide
/reg-20181116/cp_ps_internal_network_penetrat
ion_testing.htm
THANK YOU

You might also like