Pentest Methodologies
Its Methodologies
By
Bhashit Pandya
Web Security Researcher
Penetration Testing and Methodologies is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
About me!
Hello friends,
I am an individual security researcher and web app vulnerability researcher!
Nowadays I am working to share knowledge on web security and spreading awareness about common securities with Hcon.
If you want your system to be fully protected, the better way is to turn it off!
Acknowledgement
The presentation is dedicated to my dad and mom, who always supported me and never let me down.
I would also like to thank Ashish Mistry for giving me a platform to show my skills and spread my knowledge with him!
Disclaimer
The presentation is for ethical and learning purposes. In this talk I will present how penetration testing is conducted in companies and organizations.
Here you will learn about organizations that give different methodologies and manuals for conducting a pentesting session.
Hope you all enjoy and learn!
What is Penetration Testing?
As per Wikipedia:
A penetration test, occasionally pentest, is a method of evaluating computer and network security by simulating an attack on a computer system or network from external and internal threats.
Penetration testing means testing a system to find flaws, misconfigurations, and vulnerabilities, all in an ethical and systematic manner.
Testing Areas
There are many testing areas for pentesting, such as:
- Response team
- Systems regular tests
- Human manipulation
- Network testing and analyzing
- Application auditing, testing, etc.
Why Penetration Test (Pentesting)?
How do you know whether your network or system is secure or not?
Is anybody latching onto your personal data or violating your privacy?
Well, for a few of you it doesn't matter a lot, but what about the companies holding money logs/transactions, secret data, or any private data regarding customers, where it is the duty of the companies to protect their privacy, fix those vulnerabilities, and clean up?
Pentesting Methodology
Penetration testing methodologies are the manuals for conducting a security test on a system in a particular manner!
ISSAF:
http://www.oissg.org/index.php/issaf
OWASP:
https://www.owasp.org/
PTES:
http://www.pentest-standard.org/index.php/Main_Page
NIST:
http://csrc.nist.gov/
Conclusion
These are some of the organizations and non-profit organizations providing manuals and guidelines regarding security testing and pentesting.
You can refer to these sites while pentesting because they provide some very useful guidelines that are a must-read for a pentester or an organization before conducting a testing session!
Any Questions?
My Email:
[email protected]
Thank You!!!