Net.Sec Management Week15

The flashcards below were created by user fs356 on FreezingBlue Flashcards.

What is a Vulnerability Scanning
Vulnerability Scanning: An automated software search (scan) through a system for any known security weaknesses (vulnerabilities) that then creates a report of those potential exposures.
- · It examines the current security in a passive method.
- · No exploitation of weaknesses
- · But rather report back what is uncovered
- · Usually performed from inside the security perimeter. (No disruptions to network devices)
What is Penetration Testing?

is designed to actually exploit any weaknesses in systems that are vulnerable.

–Testers are usually independent contractors.

–Testing takes place outside the security perimeter

–Could disrupt the operation of devices (actively probing)
Types of Pentest Techniques

Black Box Test: the tester has no prior knowledge of the network infrastructure.

White Box Test: Tester has in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even source code of custom applications

Gray Box Test: Sits between black and white box test, some limited information has been provided to the tester
Differences between Vulnerability Scan & Penetration Test

Author

ID

205659

Card Set

Net.Sec Management Week15

Description

Week 15 Vulnerability Scanning vs Penetration Testing

Updated

2013-03-07T15:01:33Z

Show Answers