Net.Sec Management Week15

Card Set Information

Net.Sec Management Week15
2013-03-07 10:01:33
Week 15 Vulnerability Scanning vs Penetration Testing

Week 15 Vulnerability Scanning vs Penetration Testing
Show Answers:

  1. What is a Vulnerability Scanning
    Vulnerability Scanning: An automated software search (scan) through a system for any known security weaknesses (vulnerabilities) that then creates a report of those potential exposures.

    • · It examines the current security in a passive method.
    • · No exploitation of weaknesses
    • · But rather report back what is uncovered
    • · Usually performed from inside the security perimeter. (No disruptions to network devices)
  2. What is Penetration Testing?
    is designed to actually exploit any weaknesses in systems that are vulnerable. 

    –Testers are usually independent contractors.

    –Testing takes place outside the security perimeter

    –Could disrupt the operation of devices (actively probing)
  3. Types of Pentest Techniques
    Black Box Test: the tester has no prior knowledge of the network infrastructure.

    White Box Test: Tester has in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even source code of custom applications

    Gray Box Test: Sits between black and white box test, some limited information has been provided to the tester
  4. Differences between Vulnerability Scan & Penetration Test