Friday, 05 September 2008

Intrusion Penetration Testing

Penetration testing should be considered
whenever control systems are already in place and their functioning
has to be tested. Penetration testing also verifies the functioning
of a business's Intrusion Detection System. In addition, penetration
testing identifies vulnerabilities in proprietary systems. Penetration
testing takes place at 3 levels:

Initial testing occurs with only the information that might
be discovered by an outside intruder: zero-knowledge testing.

The second level of testing checks for illegitimate or legal
use of a machine by a legitimate user armed with the information
legitimately available to him or her.

In the third level of testing, the intrusion test works as a
well-informed malicious individual with strong computer knowledge
and access to sophisticated tools.

The penetration testing methodology used by WEBEXA ensures that
all potential weaknesses are tested, including all currently
identifiable vulnerabilities. It stresses the application in
ways that the developers never expected. Where an application
exists on multiple machines (typical client/server architecture),
we test each machine and the communications channel between
systems. We also attempt to exploit 'features' of the applications
to gain unauthorized access.

