Security and penetration testing

Security testing checks the measures taken to protect a system from various types of cyberthreats. It mostly concerns software functionality and its behavior: how the program behaves in the presence of an attack once the software has been put into use, whether a leakage of information occurs, and how it measures up against the major principles of security: confidentiality, integrity, authentication, availability, authorization and non-repudiation. Network security is provided through an architecture in which a baseline is established for network traffic so that anomalous behavior can be detected.

The largest part of security is penetration testing, sometimes referred to as ethical hacking, which is a security assessment used to identify vulnerabilities in a system. The leading standard for orienting testing efforts in the search for vulnerabilities is the OWASP (Open Web Application Security Project) standard. The original standard focuses on common web application and infrastructure solutions. There is also a second OWASP standard that is mobile-focused.

  1. Web Top 10 vulnerabilities: OWASP Top 10:2021
  2. Mobile Top 10 vulnerabilities: OWASP Mobile Top 10 | OWASP Foundation

Penetration testing is executed both manually and in automated form with appropriate tools. Most of these tools are found within the Kali Linux distribution:

Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution

Penetration testing is done in the following phases: