Penetration Testing – Website Security
Penetration testing (also called pentesting or website security testing) is a test cycle that identifies security gaps within an IT infrastructure, a web portal, or a similar system. This is done by going through a series of attack scenarios and checking the quality and security (website security) of the system under test.
Conducting regular penetration testing is appropriate and necessary in order to ensure the security of a system. This is less about the quality of the developers and more about the security of the overall system and its components. Vulnerabilities usually appear at transition points (API, login/logout, forms, etc.).
Components of penetration testing
- Port scanning provides knowledge about active services on a host system
- Vulnerability scenarios (Vulnerability Management) bring knowledge of potentially vulnerable points within a system, based on the installed software (OS, services, modules, applications)
- Penetration testing is an attempt to gain partial or full control over the system under test and its data