The 2018 Global Security Report from Trustwave found that all web applications are vulnerable to attack. All applications had at least one vulnerability, and the average number of vulnerabilities found per application was eleven.
Why do we need penetration testing? The purpose of a pen test is to identify vulnerabilities in your application that an outside attacker could exploit.
Some terms that you need to know
- Ethical Hacker: Someone who is employed by companies to do penetration tests.
- Penetration Test: A legal attempt to break into a company’s network to find vulnerabilities.
- Security Test: More than only breaking into the system; also includes analyzing the company’s security and procedures. The tester also offers solutions to protect or secure the network.
- Hackers: People who access a computer system or network without authorization or permission.
- Crackers: People who break into a system to steal or destroy data.
- Script kiddies or packet monkeys: People who only copy and run code and techniques from knowledgeable hackers.
- Tiger box: A collection of operating systems or hacking tools that helps penetration testers and security testers conduct vulnerability assessments and attacks.
- Red Team: ‘The Attacker’ team. The team that performs the pen test without the knowledge and consent of the organization’s IT staff.
- Blue Team: ‘The Defender’ team. The internal team that defends the system; its members commonly have knowledge of the internal system.