Professional Documents
Culture Documents
Assessment &
Penetration Testing
By: Michael Lassiter Jr. (@EthicalMJPen)
Vulnerability Assessment
Vulnerability Assessment:
Is the assessment of a system to determine if it has vulnerabilities or
weaknesses that need to be resolved or patched.
Is also known as a security audit.
Can be performed by one person or a team of vulnerability researchers or
security engineers.
Is often known as a flaw or weakness that could be exploited by an outside
attacker or compromised by internal personnel.
Is necessary because many organizations, companies, and health facilities are
required to meet certain compliance.
HIPPA regulations are important so that health facilities hire the services
of pen testers in order to meet compliance with vulnerability assessment
being a great portion of the service.
Penetration Testing
Penetration Testing Black Box, Gray Box, and White Box Testing
Penetration testing usually falls under three categories: Black Box, Gray Box,
and White Box.
Black Box does not include any knowledge of the structure of the system, so
this type of testing simulates the approach of an outside attacker.
Gray Box includes only a limited knowledge of the layout of the target.
White Box testing occurs when a penetration tester has complete
knowledge of the layout of the target(s).
Conclusion