Pentest, Offensive Security, Ethical Hacking: definition and concepts.

Derived from the English term Penetration Testing (more commonly called an intrusion test), a pentest is a way of studying the vulnerabilities of systems and networks in order to subsequently create methods to prevent and correct them. It can also be described as Offensive Security or Ethical Hacking.

A pentest is used to find the security weaknesses of a system and exploit them with legal approval, in order to manage the computer system more safely. Using automated tools, manual methods, or a combination of both, a pentester can explain the issues found.

Defined as a multidisciplinary science, it is a comprehensive method of testing security across hardware, software and people. The process involves a deep analysis of the system for potential vulnerabilities while attempting to gain access to resources. In the most common cases, obtaining databases and other confidential information is the focus of the penetration tester.

Penetration testing helps safeguard the organization by preventing financial loss and preserving corporate image and information security. The procedure evaluates the effectiveness of existing security and provides supporting arguments for future investment in or upgrades of security technologies.

Several methodologies can be used to prepare a penetration test, for example PTES, OSSTMM, ISSAF (Information Systems Security Assessment Framework) and OWASP; essentially, however, six steps can be used: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks and Reporting.

Reconnaissance – the act of gathering preliminary data or intelligence on your target, collecting as much interesting information as possible. It can be performed actively (meaning that you are directly touching the target) or passively (meaning that your recon is being performed through an intermediary).

Scanning – a vulnerability scanner can be used to gather information about the target.

Gaining Access – requires taking control of one or more network devices in order to either extract data from the target, or to use that device to then launch attacks on other targets.

Maintaining Access – at this stage the attacker must remain hidden, and a persistent connection must be maintained.

Covering Tracks – here the attacker must remove all traces so that no one notices their presence, leaving the systems intact again.

Reporting – at this point a detailed report should be prepared containing all the results from each stage.


Petter Anderson Lopes. All rights reserved. 2017