Penetration Testing Explained with Sample Test Cases

Penetration testing plays a key role in securing business data and other important information of an organization from intruders and malicious users. It provides a robust testing mechanism through which an application or product is fully secured and cannot be breached. Penetration testing is also known as pen testing and is performed by penetration testers, sometimes also referred to as ethical hackers.

In this article, you will get to know about sample test cases of pen testing.

What is penetration testing?

It is a testing method that uncovers vulnerabilities of a network, web application or computer system. This testing method helps in identifying whether the existing defensive measures that are incorporated in the system are robust enough to prevent any security breaches. Countermeasures are also suggested by penetration test reports, which, in turn, help in reducing the possible risks of the system or application being hacked.

Penetration testing measures the security of IT infrastructure by exploiting weaknesses that include risky end-user behavior, improper configurations, application flaws and operating system services. The effectiveness of defensive methods can be validated through these kinds of evaluations.

Following are the penetration testing sample test cases:

1. The web application should be verified to check whether it can identify spam attacks on the contact forms used on the website.

2. Incoming and outgoing email traffic should be verified to check whether it is filtered, and unsolicited emails should be blocked.

3. The proxy appliances should monitor the network traffic. A proxy server makes it difficult for hackers to get internal details of the network, which in turn helps protect the system from external attacks.

4. Inbuilt spam filters are an integral part of many email clients and hence need to be configured accordingly. These configuration rules can be applied to the body, subject or email headers.

5. The entire computer or network should be protected by firewalls. Unauthorized access to a system can be blocked by a firewall, which can be hardware or software. The firewall should also prevent data from being sent outside the network.

6. Exploit all the network devices, printers, desktop systems and servers.

7. Check that usernames and passwords are encrypted and transferred over secure connections such as HTTPS.

8. Trojan attacks can be found by scanning incoming network traffic.

9. The system should be verified to ensure it is safe from brute-force attacks.

10. The network or system should be verified to ensure it is secured from DoS (denial-of-service) attacks. A hacker can target a single computer or a network with continuous requests, which overload the resources of the target system and in turn result in denial of service for legitimate requests.

11. Directory browsing should be checked to ensure it is disabled on the server.

12. All access logs should be maintained with proper access permissions.

13. Spoofing attacks should be checked.

14. GPS spoofing, email ID spoofing, IP address spoofing, caller ID spoofing, referrer spoofing, ARP spoofing, etc. should be verified.

15. Crucial data such as passwords should be verified to check whether it is stored in secret files on the system.

16. Canonicalization attacks should be verified.

17. The application should be verified to check whether it can return more data than is specifically required.

18. COM and ActiveX attacks should be verified.

19. The application should be verified for cross-site scripting.

20. URL manipulation should be verified to check whether the web application shows any unwanted information.
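Test case 11 (directory browsing disabled) can be turned into a repeatable check that classifies HTTP responses collected from your own server. The following is an added example, not part of the original article; the signature list reflects the default auto-index pages of common servers, and the sample responses and the function names are constructed for illustration.

```python
import re

# Markers found in the default auto-generated index pages of common servers.
LISTING_SIGNATURES = {
    "apache/nginx autoindex": re.compile(r"<title>\s*Index of /", re.I),
    "iis directory browsing": re.compile(r"\[To Parent Directory\]", re.I),
    "python http.server": re.compile(r"<title>\s*Directory listing for /", re.I),
}


def detect_directory_listing(status, body):
    """Return the matching signature name if the response is an
    auto-generated directory index, else None."""
    if status != 200:  # 403/404 means the listing is not being served
        return None
    for name, pattern in LISTING_SIGNATURES.items():
        if pattern.search(body):
            return name
    return None


def audit(responses):
    """responses: iterable of (path, status, body).
    Returns a list of (path, signature) for every failing path."""
    findings = []
    for path, status, body in responses:
        hit = detect_directory_listing(status, body)
        if hit:
            findings.append((path, hit))
    return findings


# Constructed sample responses (not captured from a real server).
SAMPLE = [
    ("/uploads/", 200, "<html><head><title>Index of /uploads</title></head>"
                       "<body><h1>Index of /uploads</h1>"
                       "<a href=\"../\">../</a></body></html>"),
    ("/static/", 403, "<html><title>403 Forbidden</title></html>"),
    ("/files/", 200, "<html><head><title>example.test - /files/</title></head>"
                     "<body><a href=\"/\">[To Parent Directory]</a></body></html>"),
    # Ordinary page that merely mentions the phrase: must not be flagged.
    ("/blog/", 200, "<html><title>Blog</title><p>An index of /etc.</p></html>"),
]

if __name__ == "__main__":
    for path, server in audit(SAMPLE):
        print(f"FAIL {path}: directory listing exposed ({server})")
```

A path that fails this check should return 403 or 404 once directory browsing is disabled in the server configuration.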

Conclusion:

If you are looking forward to implementing pen testing for your specific project, then do get connected with a competent software testing company that will provide you with tactical testing solutions that are in line with your project-specific requirements.

About the author: I am a technical content writer focused on writing technology-specific articles. I strive to provide well-researched information on the leading market-savvy technologies.
