Skip to main content

What are different aspects of network penetration testing?

Penetration test is popularly called pen test. Penetration testing can be defined as a methodology to determine the security level of a network or a computer system.

- This is usually done by simulating an attack from malicious outsiders or the people who are aliens to the system i.e., the people who don’t have any authorized means or permission to access that particular organization’s computer systems or network.

- The process of network penetration testing requires having an active analysis of the whole network and computer system for checking any potential flaws and vulnerabilities in the network system or computer system.

- These potential flaws and vulnerabilities could result from the improper or poor configuration of the network or the computer system.

Other reasons for these potential vulnerabilities and flaws are:

- Unknown and known software and hardware flaws and problems.
- The operational weaknesses of the testing process and counter measures of the technology used.

Typically, this analysis of the network and the computer system is carried out keeping in mind the position of a potential attacker and the process may also involve the active exploitation measures for exploiting security vulnerabilities.

- Security vulnerabilities or issues that are discovered during the testing process are reported to the owner of the network or the computer system.

- An effective penetration testing involves coupling of this information and findings with an already assessed accurate assessment of the potential affects or impact and giving it to the particular organization.

- It also includes outlining of a range of procedural and technical counter measures to overcome those potential vulnerabilities and reduce risks.

There are certain reasons that account for the necessity of carrying out penetration testing. They have been listed below:
- Identification of vulnerabilities that pose a higher risk to the network or the computer system from a combination of vulnerabilities that poses a lower risk. These vulnerabilities are exploited in a designed sequence.

- Determination of feasibility of a particular set of a type of vectors.

- Identification of vulnerabilities that may be impossible and difficult to detect otherwise with automated software scanning application.

- Assessment of the magnitude of impacts of the potential operations and business of the attacks that could be successful.

- Testing of the ability of the network defenders to detect and respond to the attacks by the malicious outsiders.

- Providing of evidence in support of the gradually increasing investments in technology of the security measures.

Penetrations tests can be rightly called the components of a full security audit. Best example that can be given is of payment card industry data security standard.

There are several ways for conducting the penetration tests.

- White box testing and black box testing are the methodologies widely used for carrying out performing penetration testing.

- Before carrying put the penetration testing, it is needed that the testers should determine the extent and location of the systems.

- Here, the white box testing provides the complete information of the infrastructure that is to be tested and it includes source code, IP address information and network diagrams.

- Sometimes grey box testing is also done.

- Penetration tests are called “full disclosure tests” since they provide full information about the network or the computer system to the testing party.

- Penetration testing involves a scan of the IP address space of the concerned organization for a full audit of source code of the application.

- Any computer system deployed in a hostile environment can be used for carrying out the penetration test.

- This measure provides an assurance that any malicious attacker won’t be able to affect the network or the computer system.


Popular posts from this blog


Agricultural Research Service

Eligibility Test/ Senior Research Fellowship Examination 

The Agricultural Scientists Recruitment Board (ASRB)
 holds a Competitive Examination for recruiting Scientists of the ARS in the pay scale of Rs. 8,000-13,500 in the ICAR Institutes, combined with National Eligibility Test (NET) for recruitment of Lecturers and Assistant Professors by the State Agricultural Universities (SAUS) and for award of ICAR Senior Research Fellowships.

The selected candidates for Agricultural Research Service must serve in the institutes to which they are posted until they find appointment for higher positions through selection at other institutes.

(i) Candidates successful in ARS are appointed as Scientists in the Indian Council of Agricultural Research in the pay scale of Rs. 8,000-13,500.

(ii) Candidates clearing the National Eligibility Test are recommended to various State Agricultural Universities who will consider them for appointment as Lecturers or Assistant Pro…


The Union Public Service Commission (U.P.S.C.) conducts Civil Services' Examination once a year in two stages. The Preliminary Examination (Objective Type) for selection of candidates for the Main Examination is held in the month of May.

The Civil Services Main Examination
 is held in the months of October/November. Blank application forms and other particulars are published in the Employment News, generally in the month of December.

The last date for the submission of applications to the Secretary, Union Public Service Commission, Dholpur House, Shahjahan Road, NewDelhi-11001 1 is usually the last week of January of the year of examination.

The Combined Civil Services Examination is conducted for Recruitment to the following Services/Posts:

1. Indian Administrative Service.
2. Indian Foreign Service.
3. Indian Police Service.
4. Indian P & T Accounts & Finance Service, Group 'A'.
5. Indian Audit and Accounts Service, Group 'A'.
6. Indian Customs and Central Excise S…

Aptitude Test Practice Questions - With Answers

Question 1. Which of the following is least like the others?
A.    cube
B.    sphere
C.    pyramid
D.    circle

D (because the circle is the only two-dimensional figure)

Question 2. Consider a language which uses the following set of characters:
Small set: { a b c }
Large set: { A B C }
Punctuation set: { x y }
This language must follow the following rules:
  1.    A punctuation character must end all series.
  2.    A series can have up to but no more than 4          characters,including punctuation characters.

Does the following series follow all the rules of the language defined above?
  A.    Yes
  B.    No

A (the series has only four characters and ends in a punctuation character)

Question 3. Consider the following flow chart for a customer:

The person in No.1 is:
    A.   Married, with children
    B.   Married, with at least one son
    C.   Unmarried, with at least one daughter
    D.   Unmarried, with at least one son
    E.   Unmarried, with no children