What is penetration testing?
Penetration testing is the evaluation of a computer system, whether a single device or a group of interconnected nodes, against potential attacks from inside or outside that could break its security.
Types of penetration testing:
- Password attacks (brute force, Cain & Abel, Ophcrack)
- Session management holes (CookieDigger)
- Protocol and config management (SSL, Database, port scanning)
- Info gathering (social engineering, phishing, fingerprinting)
- Data validation and testing (cross-site scripting, buffer overflow, SQL injection)
- HTTP-Web monitoring
- Denial of Service attacks
- Web testing frameworks (w3af, websecurity)
(Post reference – The Open Web Application Security Project)