Security is one of the major issues of information systems. The growing connectivity of computers through the internet, the increasing extensibility of systems, and the unbridled growth of the size and complexity of systems have made software security a bigger problem now than in the past. Furthermore, it is a business imperative to adequately protect an organization’s information assets by following a comprehensive, and structured approach to provide protection from the risks an organization might face. In an attempt to solve the security problem and comply with the mandated security regulations, security experts have developed various security assurance methods including proof of correctness, layered design, software engineering environments and penetration testing.

What is Penetration testing ?

Penetration testing involves performing various reconnaissance scans against your perimeter defenses, boundary routers, firewalls, switches, network devices, servers, and workstations to allow you to see which devices are within your environment and to determine the overall plan of the network and topology. Once this has been gathered, you can then collate this information and then look at an attack vector to try and penetrate identified systems to see if they can be compromised by using known vulnerability scans, attacks and denial of service attacks. When performing penetration testing you are essentially taking on the role of the hacker. You will be looking at using tools like PING to detect if hosts are live, port scanners for any hosts that may deny ICMP Echo/Reply requests (PING’s) and to also identify which ports are open on devices enabling you to create a footprint of what these devices are used for.

Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems

in other point Penetration Tessting is:

Penetration testing is defined as a formalized set of procedures designed to bypass the security controls of a system or organization for the purpose of testing that system’s or organization’s resistance to such an attack. Penetration testing is performed to uncover the security weaknesses of a system and to determine the ways in which the system can be compromised by a potential attacker. Penetration testing can take several forms (which will be discussed later) but, in general, a test consists of a series of “attacks” against a target. The success or failure of the attacks, and how the target reacts to each attack, will determine the outcome of the test.

What is the purpose of a penetration testing ?

The purpose of a penetration test is to determine the subject’s ability to withstand an attack by a hostile intruder. As such, the tester will be using the tricks and techniques a reallife attacker might use. This simulated attack strategy allows the subject to discover and mitigate its security weak spots before a real attacker discovers them.

Why Penetration Testing is exists ?

the reason is some organizations need to figure the effectiveness of their security measures before any other does. The fact that they want tests performed indicates that they believe there might be (or want to discover) some deficiency in their security. While the testing itself might uncover problems in the organization’s security, the tester should attempt to discover and explain the underlying cause of the lapses in security that allowed the test to succeed. The tester should explain that the lapse was due to inadequate attention by the guard on duty or a lack of guard staff training that would enable them to recognize valuable or sensitive information.

How to know whether your network or system is secure or not? Is any body latching up your personal data or violating your Privacy? Well for few of you it don’t matter a lot but what about the companies having there money logs/transactions or secrete data or any private data regarding customers where it is the duty of Companies to protect there privacy and to fix those vulnerabilities and clean up.

Computer related crime is on the rise.
Find holes now before somebody else does.
Report problems to management.
Verify secure configurations.
Security training for network staff.
Discover gaps in compliance.
Testing new technology.

What is the difference between a Penetration Tester and a Hacker?

Penetration Tester’s have prior approval from Senior Management
- Hackers have prior approval from themselves.
Penetration Tester’s social engineering attacks are there to raise awareness
- Hackers social engineering attacks are there to trick the DMV into divulging sensitive information about the whereabouts of their estranged ex-spouse.
Penetration Tester’s war driving = geeks driving cars with really long antennas, license plate reading “r00t3d” while dying their hair green looking to discover the hidden, unapproved networks your users thought it would be OK to install for you.
- Hackers wireless war driving doesn’t happen so often because 14 year olds typically don’t have their license yet.
Penetration Tester’s have pink mohawks and wear trenchcoats in July.
- Hackers have pink mohawks and wear trenchcoats.... that they bought with your bank account info.

What is the Types of Penetration Testing ?

The Terminology of Penetration Testing

There are several terms associated with penetration testing. These terms are used throughout this article to describe penetration testing and the people and events involved in a penetration testing.

Tester:

The person or group who is performing the penetration test. The purpose of the tester is to plan and execute the penetration test and analyze the results for management. In many cases, the tester will be a member of the company or organization that is the subject of the test. However, a company may hire an outside firm to conduct the penetration test if it does not have the personnel or the expertise to do it itself.

Attacker:

A real-life version of a tester. However, where the tester works with a company to improve its security, the attacker works against a company to steal information or resources.

Attack:

The series of activities performed by the tester in an attempt to circumvent the security controls of a particular target. The attack may consist of physical, procedural, or electronic methods.

Subject of the test:

The organization upon whom the penetration test is being performed. The subject can be an entire company or it can be a smaller organizational unit within that company.

Target of a penetration test:

The system or organization that is being subjected to a particular attack at any given time. The target may or may not be aware that it is being tested. In either case, the target will have a set of defenses it presents to the outside world to protect itself against intrusion. It is those defenses that the penetration test is designed to test. A full penetration test usually consists of a number of attacks against a number of different targets.

Management:

The term used to describe the leadership of an organization involved in the penetration test. There may be several levels of management involved in any testing effort, including the management of the specific areas of the company being tested, as well as the upper management of the company as a whole. The specific levels of management involved in the penetration testing effort will have a direct impact on the scope of the test. In all cases, however, it is assumed that the tester is working on behalf of (and sponsored by) at least one level of management within the company.

Penetration test:

The actual performance of a simulated attack on the target.

What is Penetration Black Box Gray Box White Box Testing ?

Penetration Testing – Black Box, Gray Box, and White Box Testing

Penetration testing usually falls under three categories: Black Box, Gray Box, and White Box.
Black Box does not include any knowledge of the structure of the system, so this type of testing simulates the approach of an outside attacker.
Gray Box includes only a limited knowledge of the layout of the target.
White Box testing occurs when a penetration tester has complete knowledge of the layout of the target(s).

in the last i think now you have a full knoldge what Penetration Testing is, so i hope you share this article ti reach a lot of people around the globe.