ABSTRACT
Penetration testing has been well popularized by the media. Many companies are now offering penetration services to identify vulnerabilities in systems and the surrounding processes. This report will Discuss "Penetration Testing" as a means of strengthening a corporate network's security. This report is divided into three parts. Introduction will give you a brief and basic overview of Penetration Testing and why we need Penetration Testing, The second part is the technical breakdown explains The strategy, model and type of Penetration Testing. In the conclusion, we will discuss both the value and limitation of Penetration Testing.
1. INTRODUCTION
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications from popular Operating Systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is you have to patch every hole of your system, but an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendor's security alerts, these are just the tip of the security iceberg and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]
1.1 What is Penetration Testing?
Penetration testing - using tools and