This book is dedicated to the use of Kali Linux in performing penetration tests against networks. A penetration test simulates an attack against a network or a system by a malicious outsider or insider. Unlike a vulnerability assessment, penetration testing is designed to include the exploitation phase. Therefore, it proves that the exploit is present, and that it is accompanied by the very real risk of being compromised if not acted upon.
Throughout this book, we will refer to “penetration testers,” “attackers,” and “hackers” interchangeably as they use the same techniques and tools to assess the security of networks and data systems. The only difference between them is their end objective—a secure data network, or a data breach.
Most testers and attackers follow an informal, open source, or proprietary-defined testing methodology that guides the testing process. There are certain advantages of following a methodology:
- A methodology identifies parts of the testing process that can be automated (for example, a tester may always use a ping sweep to identify potential targets; therefore, this can be scripted), allowing the tester to focus on creative techniques to find and exploit vulnerabilities
- The results are repeatable, allowing them to be compared over time or to cross-validate one tester’s results against another, or to determine how the security of the target has improved (or not!) over time
- A defined methodology is predictable in terms of time and personnel requirements, allowing costs to be controlled and minimized
- A methodology that has been preapproved by the client protects the tester against liability in the event there is any damage to the network or data