{"id":516359,"date":"2022-11-26T16:00:50","date_gmt":"2022-11-26T13:00:50","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-penetration-testing-keeps-systems-safe\/"},"modified":"2022-11-26T16:00:50","modified_gmt":"2022-11-26T13:00:50","slug":"how-penetration-testing-keeps-systems-safe","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-penetration-testing-keeps-systems-safe\/","title":{"rendered":"How Penetration Testing Keeps Systems Safe"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CHow_Penetration_Testing_Keeps_Systems_Safe%E2%80%9D\"><\/span>&#8220;How Penetration Testing Keeps Systems Safe&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div>\n<figure style=\"width: 1200px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage size-full wp-image-849345\" data-pagespeed-no-defer=\"\" 
src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/11\/shutterstock_1405910804.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Digital illustration of a beam of light piercing a computer keyboard and reaching a wall of numbers and zeros.\" width=\"1200\" height=\"675\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/concept-simulating-cyber-attack-on-software-1405910804\">VallepuGraphics\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n<p>Penetration testing is a way for cybersecurity experts to test a system by simulating an attack. It involves intentionally trying to get past existing security, and it can help companies find out if their systems can withstand a hack.<\/p>\n<p>If you\u2019re reading about cybersecurity, the term penetration testing will come up as a way to see if systems are secure. What is penetration testing, though, and how does it work? What kind of people perform these tests?<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"What_Is_Pen_Testing\"><\/span>What Is Pen Testing?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Penetration testing, often referred to as pen testing, is a form of ethical hacking in which cybersecurity professionals attack a system to see if they can get through its defenses, hence \u201cpenetration.\u201d If the attack is successful, the pen testers report to the site owner that they found issues which a malicious attacker could exploit.<\/p>\n<p>Because the hacking is ethical, the people performing the hacks aren\u2019t out to steal or damage anything. However, it\u2019s important to understand that in every way besides intent, pen tests are attacks. Pen testers will use every dirty trick in the book to get into a system. 
After all, it wouldn\u2019t be much of a test if they didn\u2019t use every weapon a real attacker would use.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Pen_Test_vs_Vulnerability_Assessment\"><\/span>Pen Test vs Vulnerability Assessment<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>As such, penetration tests are a different beast to another popular cybersecurity tool, vulnerability assessments. According to cybersecurity firm <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.secmentis.com\">Secmentis<\/a> in an email, vulnerability assessments are automated scans of a system\u2019s defenses that highlight potential weaknesses in a system\u2019s setup.<\/p>\n<p>A pen test will actually try and see if a potential issue can be made into a real one that can be exploited. As such, vulnerability assessments are an important part of any pen testing strategy, but don\u2019t offer the certainty that an actual pen test provides.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Who_Performs_Pen_Tests\"><\/span>Who Performs Pen Tests?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Of course, getting that certainty means that you need to be pretty skilled at attacking systems. As a result, many people working in penetration testing are reformed black hat hackers themselves. 
Ovidiu Valea, senior cybersecurity engineer at Romania-based cybersecurity firm <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/ctdefense.com\">CT Defense<\/a>, estimates former black hats could make up as many as 70 percent of the people working in his field.<\/p>\n<p>According to Valea, who is a former black hat himself, the advantage of hiring people like him to combat malicious hackers is that they \u201cknow how to think like them.\u201d By being able to get into an attacker\u2019s mind, they can more easily \u201cfollow their steps and find vulnerabilities, but we report it to the company before a malicious hacker exploits it.\u201d<\/p>\n<p>In the case of Valea and CT Defense, they\u2019re often hired by companies to help fix any issues. They work with the knowledge and consent of the company to crack their systems. However, there is also a form of pen testing that\u2019s performed by freelancers who will go out and attack systems with the best of motives, but not always with the knowledge of the people running those systems.<\/p>\n<p>These freelancers will often make their money by gathering so-called bounties via platforms like <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.hackerone.com\">HackerOne<\/a>. Some companies\u2014many of the best VPNs, for example\u2014post standing bounties for any vulnerabilities found. Find an issue, report it, get paid. Some freelancers will even go so far as to attack companies that haven\u2019t signed up and hope their report gets them paid.<\/p>\n<p>Valea warns that this isn\u2019t the way for everybody, though. \u201cYou can work for several months and find nothing. 
You will have no money for rent.\u201d According to him, not only do you really need to be very good at finding vulnerabilities, but with the advent of automated scripts there also isn\u2019t much low-hanging fruit left.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"How_Do_Penetration_Tests_Work\"><\/span>How Do Penetration Tests Work?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Though freelancers making their money by finding rare or exceptional bugs may sound like a swashbuckling digital adventure, the daily reality is a bit more down to earth. That\u2019s not to say it isn\u2019t exciting, though. For every type of device there is a set of tests used to see if it can stand up to an attack.<\/p>\n<p>In each case, pen testers will try and crack a system with everything they can think of. Valea emphasizes that a good pen tester spends a lot of their time simply reading other testers\u2019 reports, not just to stay up to date on what the competition may be up to, but also to gain some inspiration for shenanigans of their own.<\/p>\n<p>However, gaining access to a system is only part of the equation. Once inside, pen testers will, in Valea\u2019s words, \u201ctry to see what a malicious actor can do with it.\u201d For example, a hacker will see if there are any unencrypted files to steal. If that\u2019s not an option, a good pen tester will try and see if they can intercept requests or even reverse engineer vulnerabilities and maybe gain greater access.<\/p>\n<p>Though it\u2019s not a foregone conclusion, the fact of the matter is that once an attacker is inside, there\u2019s not much you can do to stop them. They have access, and they can steal files and wreck operations. 
According to Valea, \u201ccompanies aren\u2019t aware of the impact a breach can have, it can destroy a company.\u201d<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"How_Can_I_Protect_My_Devices\"><\/span>How Can I Protect My Devices?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>While organizations have advanced tools and resources like pen tests to safeguard their operations, what can you do to stay safe as an everyday consumer? A targeted attack can hurt you just as much, though in different ways than a company suffers. A company having its data leaked is bad news, for sure, but if it happens to people it can ruin lives.<\/p>\n<p>Though pen testing your own computer is probably out of reach for most people\u2014and likely unnecessary\u2014there are some great and easy cybersecurity tips you should follow to make sure you don\u2019t fall victim to hackers. First and foremost, you should probably\u00a0test any suspicious links before you click on them, as that seems to be a very common way hackers attack your system. And of course, good antivirus software will scan for malware.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/848300\/how-penetration-testing-keeps-systems-safe\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;How Penetration Testing Keeps Systems Safe&#8221; VallepuGraphics\/Shutterstock.com Penetration testing is a way for cybersecurity experts to test a system by simulating an attack. It involves intentionally trying to get past existing security, and it can help companies find out if their systems can withstand a hack. 
If you\u2019re reading about cybersecurity, the term penetration testing&#8230;<\/p>\n","protected":false},"author":1,"featured_media":516360,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/11\/shutterstock_1405910804.jpg?height=200p&trim=2,2,2,2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-516359","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/516359","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=516359"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/516359\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/516360"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=516359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=516359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=516359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}