Hi All,
I want to go into enetration Testing. Can anyone suggest the scope of the same and some good sites from where I can get good study material?
Thanks.
Riya
Give this site a look; they have got a fair few programs that could be used for pen-testing.
And as for reading material, well, I'm sure that if you went and looked in the tutorials section you might be able to find some good reading material.
Everybody loves newbie time :p :
Lol, yeah so here's my question. What's enetration testing? I've searched yahoo and all I get is a bunch of stuff about penetration and dildos. :o
Penetration Testing is a kind of security Testing, where you test the vulnerability of the system.
The portion of security testing in which the penetrators attempt to circumvent the security features of a system. The penetrators may be assumed to use all system design and implementation documentation, which may include listings of system source code, manuals, and circuit diagrams. The penetrators work under no constraints other than those that would be applied to ordinary users.
The testing of an operational system for security weaknesses while attempting to override system privileges.
A penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. ...
http://www.google.com/search?hl=en&q...=Google+Search
Do any of you have any idea of the companies who actively deal in Penetration Testing?
I believe penetration testing got easy with all the latest security CDs. But at a minimum you need to be fully aware of the OS and the latest tools, with minimum coding skills to compile exploits.
Sachin
Greetings,
Wipro in India hires pen testers for their clients. Nowadays some call centers also do that in Mumbai or Bangalore.
Many other companies also hire pen testers. I think one more from India is Mahendra & Mahendra; I'm sure you didn't know they were one of the best to provide computer security services in India. Infosys also hires them, but I'm not sure if you can get into Infosys unless you are from IIT.
Best of luck.
Most major technical consulting firms will have some sort of offering or ability in this area, even if it's just a handful of consultants who can perform the evaluations with COTS or open-source tools. Some offer it as a service, with a standardized lab and scripted evaluations that are analyzed and reviewed by an analyst. It depends on what you want, and how much you are willing to pay.
Quote:
Originally posted here by riya_here
Do any of you have any idea of the companies who actively deal in Penetration Testing?
I know for a fact that you can pay any of these companies to perform a PenTest (also known as External Vulnerability Assessment or EVA, although that term has broader meaning and scope than PenTest):
Symantec
IBM
VeriSign
Counterpane
You could also Google for Professional Penetration Testing Service and get a boatload of results. However, there's no telling what will rank highest...
Are you asking who specializes in Penetration Testing? Many organizations will do Penetration Testing using their own employees. Some rely on their IT Security group to do it, others on the IT Auditing group.
Quote:
Originally posted here by riya_here
Do any of you have any idea of the companies who actively deal in Penetration Testing?
SANS has some great stuff on Penetration Testing. (I took a class there and found it extremely useful.) If you can't (or don't want to) take a class with them, look into their Reading Room (http://www.sans.org/rr/), in particular the section dedicated to Penetration Testing (http://www.sans.org/rr/whitepapers/testing/).
-Deeboe
Thanks a lot guys... :)
I am glad that I put the question here.
I got my answer!! :)
Regards.
Some companies that have not been mentioned:
NGS (UK)
ISS
Symantec
Big 4 - PWC, KPMG, D&T, E&Y
Also, most large financial institutions will have a group that at least dabbles in pen testing.
I suggest you start by reading TCP/IP Illustrated, Volume 1. The SANS stuff is OK, but seems a little basic at times. There are also millions of books with the word "hacking" in their title which may be of use at some point.
Also, keep in mind that some companies will use the term penetration testing when all they really do is run a vulnerability scan, so depending on your skill level you may want to enquire as to what your prospective employer actually considers a pen test to be.
Well, to start with we can try our hands on virtual machines. Nowadays I am trying a few tricks on my VMware (Win 2003). Just create an imaginary domain along with IIS, DNS and FTP set up to get a feeling ;) and from the host OS we can fire our diff tools for doing penetration testing.
One more thing... anyone experimenting with the same setup, kindly PM me.
cheers
bat21
Hi Riya:
Quote:
Originally posted here by riya_here
Do any of you have any idea of the companies who actively deal in Penetration Testing?
I have used Foundstone for a pen-test against a web application and was quite pleased with their work. They provided a very thorough report showing not just vulns but also the tools they used, the methodology, and also the data from the tools. Downside is they are expensive: $15K a pop.
The quality of the pen-test is dependent on 2 things: the methodology used and more importantly the skill level of the pen-tester. A well laid out scope and rules of engagement are also important.
Good luck.
I didn't know there were so many tools available :)
I even came to know about one, Nessus (www.nessus.com)