HomePROJECTS

Cybersecurity Fundamentals 2

We will explore What is Pentesting? and Intrusion Tests!
Mar 21 2024
4 min readโ€ขHelpdesk, Hacking
Cybersec 2

Cybersecurity Fundamentals (Part 2).

ย 

Difficulty Level: โญ

I recommend you go to the Cheatsheet for a more dynamic and fun version of learning these terms. Click to find the Complete Cheatsheet

ย 

ISO/IEC 27032:2021: Guidelines for improving the state of cybersecurity, highlighting the unique aspects of that activity and its dependencies on other security domains, in particular.

Specialists are needed, if there is a problem with any member, things get complicated.

A framework is a framework of how to do things and a regulation is how to do it.

What is Ethical Hacking?: Ethical hacking is an important practice to improve the computer security of organizations, as it allows identifying and remedying vulnerabilities in a legal and ethical manner, it simulates the behavior of a real attack, with the purpose of compromising the organization to later perform a penetration test report and intrusion tests.

ย 

What is Vulnerability Analysis?: Vulnerability Analysis: This practice involves the use of automated tools and methods to scan systems, networks, and applications for security flaws that have already been documented. The main objective is not to simulate a real attack, but to carry out an exhaustive inventory of existing weaknesses based on known vulnerability databases.

What are intrusion tests?: Intrusion tests are a security practice that consists of a set of techniques that allow evaluating the level of technological security of an organization or service provided.

ย 

"A security test with an objective ends when that objective is obtained or when the time available to carry it out runs out", (OSSTMM - Open Source Security Testing Methodology Manual).

ย 

"Security test where evaluators copy real attacks to subvert the security functions of an application", (NIST - National Institute of Standards and Technology).

ย 

Why is Pentesting important?: They are an essential tool to improve computer security and protect confidential information. Some of the reasons why pentesting is important are:

  • ๐Ÿ–Š๏ธ Identify vulnerabilities in the system
  • ๐Ÿ–Š๏ธ Data protection
  • ๐Ÿ–Š๏ธ Audit tools
  • ๐Ÿ–Š๏ธ Regulatory compliance
  • ๐Ÿ–Š๏ธ Risk reduction

Types of intrusion tests

Black Box:

It consists of obtaining the greatest possible amount of information because there is NO prior knowledge or information about the system or network to be analyzed. It is the perfect simulation of an attack by an author who does not know the company.

ADVANTAGES: More realistic in terms of a real attack. Quick to execute.

DISADVANTAGES: May not identify all internal vulnerabilities. Less detailed.

ย 

Gray Box:

It consists of the consultant having PARTIAL knowledge of the system or network they are testing and generally has credentials to access the target network or applications. It is the perfect simulation of an end user trying to compromise the system without having full knowledge of it.

ADVANTAGES: Balances realism and depth of analysis. More flexible in terms of approach.

DISADVANTAGES: May not be as exhaustive as white box pentesting or as realistic as black box pentesting.

ย 

White Box:

It consists of the consultant having COMPLETE knowledge of the system or network they are testing. This allows for a complete and rigorous evaluation that results in a more effective penetration test.

ADVANTAGES: Allows for an exhaustive and detailed review. Identifies deeper vulnerabilities.

DISADVANTAGES: Less realistic from the point of view of an external attacker. Requires more time and resources.

ย 

Caja NGB
Caja NGB

ย 

TYPES OF REPORTS

  • ๐Ÿ“• Report for VULNERABILITY ANALYSIS: Comprehensive technical report listing all identified vulnerabilities, ranking of vulnerabilities by risk, and recommended remediation tasks.

  • ๐Ÿ“• Report for PENTESTING: Technical and executive report of the vulnerabilities, including attack vectors and successful attacks, ranking of vulnerabilities by risk, and recommended remediation tasks.

  • ๐Ÿ“• Report for ETHICAL HACKING: Technical and executive report of the attack vectors used in the organization, social engineering tests, level of employee awareness, and reports of security infrastructure weaknesses. Level of business impact, successful attack vectors, and information exfiltrated during the audit, level of access obtained. Enumeration of highest risk and remediation tasks by priority.

ย 

Thanks for reading part 2

ย 

Sources

Previous

Thoughts in Pink

Next

Metacrawler Metadata Eraser

Did you like this article? Share it!

ยฉ 2025