Ques 1: Suppose you are the leader of a penetration testing team and you have to describe
the different team activities and roles in more detail to the organization's manager.
Answer 1:
In today's world of penetration testing, there is no set method dictating how the teams are
actually organized. The number of penetration testers involved in a project will depend
primarily on three key factors:
Red Team: This is the penetration testing team that actually launches the mock attack against
the business's lines of defence. This team simulates real types of cyberattacks in order to
discover any unknown security vulnerabilities or weaknesses. The testing would typically
cover both the hardware and the software side.
Blue Team: This is the penetration testing team that takes on the mock role of the IT staff at
the business or corporation. The Blue Team monitors all alerts, anomalies and any other forms
of suspicious behaviour within the IT infrastructure. Their job in the pen testing exercise is
twofold: to fend off the cyberattack being launched by the Red Team, and to give the real IT
staff of the organization an idea of the vigilance and responsiveness required.
Purple Team: The Purple Team is a combination of members from both the Red Team and the Blue
Team. One may be asking at this point: why is this combination even necessary? It is
important to keep in mind that Purple Teams are not required for every penetration testing
engagement.
For example, if it were a much smaller business (again, using our example of the 20-employee
company), there would be no need for a Purple Team.
This type of penetration testing team is designed to reinforce and maximize the efforts of
both the Red Team and the Blue Team. It combines the Blue Team's defensive tactics with the
threats and vulnerabilities found by the Red Team.
NAME: KANAD MISHRA REGISTRATION NUMBER: 11708027 SECTION: KM029
ROLL NO: RKM029A31
Vulnerability: A vulnerability scan looks for known vulnerabilities in your systems and
reports potential exposures that, if exploited, could result in a compromise of a system. The
scan ranks and reports each vulnerability. An external vulnerability scan is conducted from
outside the organization. An internal vulnerability scan is conducted from inside the
organization.
Ques 3: How Will You Protect The Data During And After Testing?
Answer 3:
The first thing to do is to determine what data is sensitive enough to require protection. This
could include items like names, addresses, social security numbers, and birth dates. Leaks of
this information could lead to identity theft, fraud, and other such consequences for
unsuspecting users.
Quality assurance management must protect information that falls under the regulations set
by industry standards. HIPAA rules are essential to follow for any medical or patient data,
while the PCI security standards govern any financial transactions and information, making
them some of the most common laws that organizations must comply with.
With all of the data at a team's disposal, they will want to use it, but how can they do so
without putting sensitive information at risk? Masking is an easy way to convert these data
sets into non-sensitive data that can be leveraged for analysis or testing.
A Computer Weekly contributor noted that the de-identification strategy must make sense to
developers and testers alike. Any masked field should be substituted with an appropriate
counterpart.
For example, alphanumeric characters must be replaced with other alphanumeric characters.
This will help teams understand what type of information went there and still transform
sensitive data into something that’s usable.
“These technologies are effective, scalable and easy if performed properly,” Gupta wrote.
“For example, only sensitive data must be masked, the masked data must not be reversible,
and the masked data must represent real data.”
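The masking rules quoted above (mask only the sensitive fields, keep the original format so the result still represents real data, and make the result irreversible) worked through as an added Python example; this is not code from the original assignment, and the field names and the sample record are constructed for illustration:

```python
import secrets
import string
from datetime import date, timedelta

# Character classes for format-preserving substitution: a digit becomes another
# digit, a letter another letter of the same case; punctuation is kept as-is.
CLASSES = (string.digits, string.ascii_uppercase, string.ascii_lowercase)

def mask_value(value: str) -> str:
    """Irreversibly mask a string: each alphanumeric character is swapped for a
    different random character of its class. No mapping is stored, so the
    original cannot be recovered from the output."""
    out = []
    for ch in value:
        for cls in CLASSES:
            if ch in cls:
                out.append(secrets.choice(cls.replace(ch, "")))
                break
        else:
            out.append(ch)  # hyphen, space, etc.: keep the format verbatim
    return "".join(out)

def mask_date(iso: str) -> str:
    """Character substitution would turn 1990-07-21 into an impossible date,
    so a date field gets a random valid day in the same year instead."""
    first = date(int(iso[:4]), 1, 1)
    return (first + timedelta(days=secrets.randbelow(365))).isoformat()

# Only the listed fields are masked; every other field passes through unchanged.
RULES = {"name": mask_value, "address": mask_value,
         "ssn": mask_value, "birth_date": mask_date}

def mask_record(record: dict) -> dict:
    return {k: RULES[k](v) if k in RULES else v for k, v in record.items()}

def same_shape(original: str, masked: str) -> bool:
    """True if masked keeps original's length, character classes and punctuation."""
    if len(original) != len(masked):
        return False
    for a, b in zip(original, masked):
        ca = next((c for c in CLASSES if a in c), None)
        cb = next((c for c in CLASSES if b in c), None)
        if ca != cb or (ca is None and a != b):
            return False
    return True

# Constructed sample record (not real data) with the field types the text names.
SAMPLE = {"name": "Jane Doe", "address": "12 Elm St", "ssn": "123-45-6789",
          "birth_date": "1990-07-21", "ticket": "PT-42"}
```

Because the substitution is random and no lookup table is kept, the same input masks differently on every run; a keyed tokenization scheme would be needed instead if test cases must join records across tables.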
Testers must be provisioned with the best tools that will not only keep their test cases
straight, but will also integrate well with data masking and protection solutions, and will
provide a comprehensive overview. Agile test management tools could be the answer here.
Jira Software, together with Zephyr test management and eazyBI reporting, makes a powerful
set of agile software management tools. Together these tools not only enable groups to
collaborate effectively across projects and see updates in real time, but they can also help
teams assign and track all test cases down to the smallest detail.
The security gained from bringing these forces together will ease the minds of users as well as
developers and testers. These types of tools will also lead to greater accuracy, better
security and overall improved quality while delivering applications faster than ever before.