There are seven main types of Security Testing according to the Open Source Security Testing Methodology Manual (OSSTMM). They are:
1. Vulnerability Scanning
2. Security Scanning
3. Penetration Testing
4. Risk Assessment
5. Security Auditing
6. Ethical Hacking
7. Posture Assessment & Security Testing
Vulnerability Scanning is done to identify the devices in your network that are exposed to known vulnerabilities. In simpler words, it is identifying the weak spots in the network before the attackers do. Though vulnerability scanning usually refers to the practice of scanning Internet-connected networks, it can also refer to securing internal networks from malicious software or internal attackers (anyone from internal thieves to disgruntled employees) by conducting system audits. Most scanning systems generate a customized report that identifies vulnerabilities and sometimes also includes steps for remediation. The organization can use this information to tighten both its external and its internal network security.
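To make the paragraph concrete, here is an added example (not code from the original page or from OSSTMM) of the core logic a vulnerability scanner performs: match an inventory of hosts and service versions against a knowledge base of known-vulnerable versions, then produce a report with remediation steps. The host addresses, product names ("exampled", "widgetsql") and version thresholds are all constructed placeholder data, not real advisories.

```python
"""Minimal vulnerability-scan report builder (added example, constructed data)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class KnownVulnerability:
    """One knowledge-base entry: versions <= max_vulnerable are affected."""
    product: str
    max_vulnerable: Tuple[int, ...]
    severity: str
    remediation: str


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.4.49' into (2, 4, 49) so versions compare numerically.

    Non-numeric fragments (e.g. '49b') keep their leading digits only.
    """
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


# Constructed knowledge base: placeholder products and thresholds, not real CVEs.
KNOWN_VULNS: List[KnownVulnerability] = [
    KnownVulnerability("exampled", (2, 4, 49), "high",
                       "Upgrade exampled to 2.4.50 or later"),
    KnownVulnerability("widgetsql", (5, 7, 30), "medium",
                       "Upgrade widgetsql to 5.7.31 or later"),
]

# Constructed inventory, shaped like the service banners a scanner collects.
INVENTORY: Dict[str, Dict[str, str]] = {
    "10.0.0.5": {"exampled": "2.4.49", "widgetsql": "5.7.33"},
    "10.0.0.7": {"exampled": "2.4.52"},
    "10.0.0.9": {"widgetsql": "5.7.29"},
}

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def scan(inventory: Dict[str, Dict[str, str]],
         known_vulns: List[KnownVulnerability]) -> List[dict]:
    """Return findings for every host/service whose version is at or below a
    known-vulnerable threshold, most severe first."""
    findings = []
    for host, services in inventory.items():
        for product, version in services.items():
            for kv in known_vulns:
                if kv.product == product and parse_version(version) <= kv.max_vulnerable:
                    findings.append({
                        "host": host,
                        "product": product,
                        "version": version,
                        "severity": kv.severity,
                        "remediation": kv.remediation,
                    })
    findings.sort(key=lambda f: (SEVERITY_ORDER.get(f["severity"], 99), f["host"]))
    return findings


def report(findings: List[dict]) -> str:
    """Render findings as the kind of remediation report the text describes."""
    if not findings:
        return "No known vulnerabilities found."
    lines = [f"{len(findings)} finding(s):"]
    for f in findings:
        lines.append(f"[{f['severity'].upper()}] {f['host']} "
                     f"{f['product']} {f['version']} -> {f['remediation']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(scan(INVENTORY, KNOWN_VULNS)))
```

The version comparison is the part worth getting right: a string compare would rank "2.4.9" above "2.4.49", so the example normalizes versions into integer tuples before checking them against each threshold.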
Security Scanning involves scanning and verification of the system. It’s a mix of vulnerability scanning and manual verification.
Penetration Testing, also referred to as ethical hacking, attempts to exploit network vulnerabilities to determine whether a malicious attack or unauthorized access is possible. Penetration testing can be conducted in two ways: black-box and white-box testing. People who conduct penetration tests are called ethical hackers, and they evaluate the system to answer these basic questions:
• What information are you trying to protect?
• What can a hacker do with that kind of information?
• What crucial things can a hacker see on the target system?
• Can anyone else notice the hacker’s activities on the target system?
Risk Assessment works on two basic elements: the probability of a security breach occurring and the potential damage it would cause. It is carried out in the form of interviews, discussions and analysis.
Security Auditing is one of the most powerful and efficient processes that protect your system. It is a methodical and technical analysis of the activities that may affect the security of your system. Security auditors are equipped with full knowledge of the organization, and sometimes possess significant inside information, so that they understand the resources being audited.
Ethical Hacking includes a number of Penetration Tests over a wide range of systems on the network segment under test.
Posture Assessment and Security Testing is a mix of Security Scanning, Ethical Hacking and Risk Assessment that shows where the organization stands when it comes to network security.