Hacking Articles Part 6


Penetration Testing is good!


What exactly is penetration testing? Is it easy to use or do? We don't yet know much about what hackers can do, so here is one of the processes they use, specifically White Hat Hackers or Ethical Hackers. Note: This is my first article that is all English, but I translated it to Tagalog for our fellow countrymen who don't understand English very well.

"I am Rovic, a DeepWeb Researcher and Knowledge is my Power!"

A penetration test is a subclass of ethical hacking; it comprises a set of methods and procedures that aim at testing/protecting an organization's security. Penetration tests prove helpful in finding vulnerabilities in an organization and checking whether an attacker would be able to exploit them to gain unauthorized access to an asset.

(Translated from the Tagalog:

Penetration testing is a subclass of ethical hacking; it consists of several methods or procedures whose purpose is to test or protect the security of an organization.

A penetration test is the kind of hacking in which the strength of a security setup is tested and its vulnerabilities are found, in order to prevent attacks by crackers who break in and steal information from an organization.)

What are the types of penetration testing?

1. Network Penetration test

In a network penetration test, you would be testing a network environment for potential security vulnerabilities and threats. This test is divided into two categories, the external and the internal penetration test.

The external one involves testing the public IP addresses, while the internal one tests the internal network.

(Translated from the Tagalog:

In a network penetration test, you need to test the network environment to find the security vulnerabilities or threats. There are two categories of testing, the external and the internal penetration test.

The external penetration test tests the public IP addresses of a network, while the internal penetration test tests the internal network.)
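As an added example (not part of the original article), the external/internal split described above can be applied to an engagement's scope list before any testing starts. The sketch is IPv4-only and treats the RFC 1918 ranges as "internal"; the function names and the sample scope are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: in-scope targets here belong to the internal test.
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(entry):
    """Return 'external', 'internal' or 'rejected' for one scope entry."""
    try:
        # strict=False accepts host-style entries such as 192.168.10.5/24.
        net = ipaddress.IPv4Network(entry.strip(), strict=False)
    except ValueError:
        return "rejected"  # not a valid IPv4 address or CIDR block
    # Addresses that never identify a client asset do not belong in a scope.
    if (net.is_loopback or net.is_link_local or net.is_multicast
            or net.is_unspecified):
        return "rejected"
    if any(net.subnet_of(r) for r in RFC1918):
        return "internal"
    # A block that straddles private and public space is ambiguous.
    if any(net.overlaps(r) for r in RFC1918):
        return "rejected"
    return "external"


def split_scope(entries):
    """Group scope entries by test category, keeping input order."""
    result = {"external": [], "internal": [], "rejected": []}
    for entry in entries:
        result[classify(entry)].append(entry)
    return result


# Constructed sample scope (documentation and private ranges only).
SAMPLE_SCOPE = ["203.0.113.0/24", "192.168.10.0/24", "10.20.30.40",
                "172.0.0.0/8", "127.0.0.1", "not-an-ip", "198.51.100.7"]

if __name__ == "__main__":
    for category, items in split_scope(SAMPLE_SCOPE).items():
        print(f"{category:9} {items}")
```

Rejected entries are the ones to send back to the client for clarification before the rules of engagement are signed.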

2. Web Application Penetration Test

The web application penetration test is very common nowadays, since your application hosts critical data such as credit card numbers, usernames, and passwords.

(Translated from the Tagalog:

Web application tests are very common now; they have even become better known than the network penetration test, because the application host really does contain important data such as credit card numbers, usernames, and passwords.)

3. Mobile Application Penetration Test

The mobile application test is the newest type of penetration test; it has become common since almost every organization uses Android- and iOS-based mobile applications to provide services to its customers.

(Translated from the Tagalog:

The mobile application penetration test is new but quickly became popular, because what organizations now often use are Android- and iOS-based applications to provide service to people.)

4. Social Engineering Penetration Test

A social engineering penetration test can be part of a network penetration test. In a social engineering penetration test, the organization may ask you to attack its users. This is where you use spear phishing attacks and browser exploits to trick a user into doing things they did not intend to do.

(Translated from the Tagalog:

The social engineering penetration test can be part of the network penetration test. It is the type of penetration test in which the attacker asks a user questions and uses phishing attacks and browser exploits on them to trick the user.)

5. Physical Penetration Test

A physical penetration test is what you would rarely be doing in your career as a penetration tester. In a physical penetration test, you would be asked to walk into the organization's building physically and test physical security controls such as locks and RFID mechanisms.

(Translated from the Tagalog:

The physical penetration test is the hardest, or seemingly the most manual, penetration test a penetration tester can do; here the tester enters an organization and tests the physical security controls, such as locks and RFID mechanisms.)

What are the categories of penetration testing?

1. Black Box

A black box penetration test is where little or no information is provided about the specified target.

(Translated from the Tagalog:

In this category, only a little information about the target, or none at all, is needed.)

2. White Box

A white box penetration test is where almost all the information about the target is provided.

(Translated from the Tagalog:

In this category we will need all the information about our target.)

3. Gray Box

In a gray box test, some information is provided and some is hidden.

(Translated from the Tagalog:

In this category we may need their information, or it may be hidden.)

What are the methodologies used in Penetration Testing?

1. OSSTMM

The Open-Source Security Testing Methodology Manual (OSSTMM) basically includes almost all the steps involved in a penetration test. The methodology employed for a penetration test is concise, yet it is a cumbersome process, which makes it difficult to implement in everyday life. Penetration tests, despite being tedious, demand a great deal of money from a company's budget for their completion, which a large number of organizations often cannot meet.

(Translated from the Tagalog:

Almost all the steps in penetration testing are included in the OSSTMM (Open-Source Security Testing Methodology Manual).)

2. NIST

NIST, on the other hand, is more comprehensive than OSSTMM, and it's something that you would be able to apply on a daily basis and in short engagements. It indicates the four steps of the methodology, namely, planning, discovery, attack, and reporting.

(Translated from the Tagalog:

NIST, on the other hand, is more comprehensive than OSSTMM, and it is the penetration testing methodology that you can apply on a daily basis and in your short engagements. It shows the four steps of the methodology: planning, discovery, attack and reporting.)

3. OWASP

The OWASP testing methodology is what we follow for all "application penetration tests" we do here at RHA InfoSEC. The OWASP testing guide basically contains almost everything that you would test a web application for. The methodology is comprehensive and is designed by some of the best web application security researchers.

(Translated from the Tagalog:

OWASP is what we follow for all application penetration tests, which are done at RHA InfoSEC. It contains almost everything about how you can test a web application and what it is for. OWASP was designed by some of the best web application security researchers.)

P.S. Translating turned out to be hard, but it was worth it, hahaha. Let's keep going, guys. Please support DeepWeb Researchers and Deep Knowledge. Thank you!!

"Be The Bad One Before The Good One"
