Week 11
Penetration Testing and Vulnerability Scanning are two sides of vital testing that should be performed on all production applications. But what are they, and what are their differences?
Let's start by defining each.
Penetration Testing is the act of brute forcing and using common, known hacking techniques to exploit weaknesses in an application.
Vulnerability Testing/Scanning is the act of checking all software versions to ensure they are up to date with current security standards.
Will these prevent an attack? Maybe. There will always be a possibility of being compromised, but the more caution and thought you put into your design, the more you can minimize this risk. Just like with physical crimes, criminals look for unlocked doors.
As you can imagine, both of these are vital to a system's analysis, yet both have their time and place. These tests should be run when major software upgrades, and even downgrades, are needed to ensure software integrity. Tools like Kali and AppScan by IBM are just examples of a penetration testing software suite and a vulnerability scanner.
The main difference is this:
Penetration testing looks for unknown vulnerabilities, and scanning checks for known security issues in older dependencies.
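To make the scanning half of that difference concrete, here is a small added example (not from the original post or from any real scanner) of the version check at the heart of a vulnerability scan. The package names, versions and advisory IDs are all constructed, and it assumes plain dotted numeric versions.

```python
# Added example: the core check a vulnerability scanner performs.
# Every package name, version and advisory ID here is constructed.

def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically.
    Assumes dotted numeric versions only (no 'rc1', '-beta', etc.)."""
    return tuple(int(part) for part in text.split("."))

# Constructed advisory feed: package -> [(advisory id, first fixed version)].
ADVISORIES = {
    "examplelib": [("EXAMPLE-0001", "2.15.0"), ("EXAMPLE-0002", "2.9.3")],
    "demo-parser": [("EXAMPLE-0003", "1.4.0")],
}

# Constructed inventory of what is deployed in production.
INVENTORY = {
    "examplelib": "2.14.1",
    "demo-parser": "1.10.0",
    "internal-utils": "0.3.0",
}

def scan(inventory, advisories):
    """Return (package, installed, advisory, fixed_in) for every installed
    version that is older than the version that fixed a known issue."""
    findings = []
    for package, installed in sorted(inventory.items()):
        for advisory_id, fixed_in in advisories.get(package, []):
            # Compare as number tuples: as plain strings, "1.10.0" sorts
            # before "1.4.0" and would be reported as outdated by mistake.
            if parse_version(installed) < parse_version(fixed_in):
                findings.append((package, installed, advisory_id, fixed_in))
    return findings

def not_covered(inventory, advisories):
    """Packages the feed knows nothing about. A clean scan says nothing
    about these; unknown issues are what penetration testing is for."""
    return sorted(pkg for pkg in inventory if pkg not in advisories)

if __name__ == "__main__":
    for package, installed, advisory_id, fixed_in in scan(INVENTORY, ADVISORIES):
        print(f"{package} {installed}: {advisory_id}, upgrade to {fixed_in}")
    print("no advisory data for:", ", ".join(not_covered(INVENTORY, ADVISORIES)))
```

The scanner can only report what its advisory feed already knows, which is why the package with no advisory data still needs a penetration test.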
Getting Started with Web Application Penetration Testing
From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.