What is application security? The question usually comes up when we move into the hands-on phase of testing and securing a system. Application security consists of the measures taken throughout an application's life cycle to protect it from external threats. An application can only control how it uses the resources granted to it, not which resources it is granted, so the controls have to live in the application itself. A sound application security routine minimizes the chances that attackers will be able to manipulate an application or alter how it behaves.
A principle-based approach to application security includes:
• Understanding the threats at the initial stage.
• Hardening the application's network and host.
• Incorporating security into the development process itself, rather than adding it after the fact.
Application security as a whole is improved by defining the enterprise's assets, determining what the application does with respect to those assets, creating a security profile for the application, identifying the potential threats to it, and deciding which actions will be taken to remove or mitigate those threats. This process is threat modeling.
Closely related to application security is penetration testing. A penetration test, often called a pen test, evaluates the security of a computer system or network by simulating an attack from a malicious party. The process is a detailed, active analysis of the whole system for weaknesses that may result from poor or improper configuration, as well as from known and unknown hardware and software flaws that affect its proper functioning. The analysis is carried out from the position of a potential attacker, and may include actively exploiting any security vulnerabilities found in the system.
Penetration testing is commonly carried out in these areas:
• Dynamic websites and in-house applications
• Operating systems
• Database applications
• Networking equipment
• Telephony applications
• Bluetooth, IR, GSM and RFID
A penetration test typically proceeds through these phases:
1) Discovery: gathering information about the target system through a wide range of techniques, such as scanning utilities and public data (search engines, DNS records and the like).
2) Enumeration: identifying the software and hardware in use and their version information, for example from service banners.
3) Vulnerability identification: determining the weaknesses of the system and the core areas where attacks can be launched.
4) Exploitation: launching the right exploits against the identified weaknesses in order to gain access to, or control over, the system.
5) Denial-of-service testing: checking whether production systems remain stable and functional under attack. Because this can take systems down, it is run only when the organization has explicitly authorized it, usually in an agreed maintenance window.
6) Reporting: producing a customized report of the findings once the whole penetration testing process is complete.
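The enumeration, vulnerability identification and reporting phases listed above can be illustrated with a small offline pipeline. The following Python script is an added example and is not part of the original article or any particular tool: it parses constructed service banners (the hosts, ports and banner strings are made up), compares the versions it extracts against a hypothetical patch baseline (placeholder version numbers, not taken from any vendor advisory), skips any host that falls outside a constructed authorized scope, and renders the results as a findings report ordered by severity.

```python
"""Worked example of the enumeration, vulnerability-identification and
reporting steps of a penetration test, run offline over constructed banners."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Constructed sample data: banners a scanner might collect during discovery and
# enumeration. The hosts, ports and banner strings are made up for this example.
SAMPLE_BANNERS: Dict[Tuple[str, int], str] = {
    ("10.0.0.5", 22): "SSH-2.0-OpenSSH_7.4",
    ("10.0.0.5", 80): "HTTP/1.1 200 OK\r\nServer: Apache/2.4.29 (Ubuntu)\r\n\r\n",
    ("10.0.0.9", 443): "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n\r\n",
    ("10.0.0.12", 21): "220 (vsFTPd 3.0.3)",
    ("10.0.0.15", 80): "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n",  # version hidden
    ("10.0.0.20", 22): "SSH-2.0-OpenSSH_6.6",  # outside the authorized scope below
}

# Hypothetical patch baseline: the lowest version of each product the client's
# policy accepts. Placeholder numbers, not taken from any vendor advisory.
MINIMUM_VERSION: Dict[str, Version] = {
    "OpenSSH": (8, 0),
    "Apache": (2, 4, 50),
    "nginx": (1, 20, 0),
    "vsFTPd": (3, 0, 3),
}

# Banner formats for the products above; group 1 = product, group 2 = version.
BANNER_PATTERNS = [
    re.compile(r"SSH-\d\.\d-(OpenSSH)_(\d+(?:\.\d+)*)"),
    re.compile(r"^Server: (Apache|nginx)(?:/(\d+(?:\.\d+)*))?", re.MULTILINE),
    re.compile(r"\((vsFTPd) (\d+(?:\.\d+)*)\)"),
]

SEVERITY_ORDER = {"high": 0, "low": 1, "info": 2}


@dataclass
class Finding:
    host: str
    port: int
    severity: str  # "high", "low" or "info"
    title: str


def parse_version(text: str) -> Version:
    """'2.4.29' -> (2, 4, 29); tuples then compare element by element."""
    return tuple(int(part) for part in text.split("."))


def parse_banner(banner: str) -> Optional[Tuple[str, Optional[Version]]]:
    """Enumeration: extract (product, version) from a raw service banner.
    Returns None for an unrecognised banner, and a None version when the
    service does not disclose one."""
    for pattern in BANNER_PATTERNS:
        match = pattern.search(banner)
        if match:
            product, version = match.group(1), match.group(2)
            return product, (parse_version(version) if version else None)
    return None


def assess(banners: Dict[Tuple[str, int], str],
           scope: ipaddress.IPv4Network) -> List[Finding]:
    """Vulnerability identification: compare each enumerated version with the
    baseline. Hosts outside the authorized scope are recorded and skipped, never
    probed further; services that hide their version are flagged for follow-up."""
    findings: List[Finding] = []
    for (host, port), banner in banners.items():
        if ipaddress.ip_address(host) not in scope:
            findings.append(Finding(host, port, "info", "host outside authorized scope, skipped"))
            continue
        parsed = parse_banner(banner)
        if parsed is None:
            findings.append(Finding(host, port, "info", "unrecognised banner, enumerate manually"))
            continue
        product, version = parsed
        if version is None:
            findings.append(Finding(host, port, "low",
                                    f"{product}: version not disclosed, fingerprint further"))
        elif version < MINIMUM_VERSION[product]:
            current = ".".join(map(str, version))
            wanted = ".".join(map(str, MINIMUM_VERSION[product]))
            findings.append(Finding(host, port, "high",
                                    f"{product} {current} is below baseline {wanted}"))
    return findings


def render_report(findings: List[Finding]) -> str:
    """Reporting: one line per finding, most severe first."""
    ordered = sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.host, f.port))
    lines = [f"{len(ordered)} finding(s), most severe first"]
    lines += [f"[{f.severity.upper():<4}] {f.host}:{f.port:<5} {f.title}" for f in ordered]
    return "\n".join(lines)


def run_example(scope_cidr: str = "10.0.0.0/28") -> List[Finding]:
    """Assess the constructed banners against a constructed scope (10.0.0.0-15)."""
    return assess(SAMPLE_BANNERS, ipaddress.ip_network(scope_cidr))


if __name__ == "__main__":
    print(render_report(run_example()))
```

Two design points carry over to real engagements: the scope check runs before any banner is even parsed, so an out-of-scope host is never touched beyond being listed, and a service that hides its version is reported as a low-severity item to fingerprint rather than silently assumed safe. In a live test the banner dictionary would be filled by a scanner and the baseline by the client's patch policy or vendor advisories.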
Although penetration testing is good practice, it carries some risks:
• During the network scanning phase, the response time of the organization's network may slow down.
• A system's ability to operate may be damaged in the course of the testing.
These risks are managed by agreeing the scope, the time window and the intensity of testing with the organization beforehand. With that in place, penetration testing is an effective way to identify flaws across an organization's systems so that they can be removed at an early stage.
Article Directory : http://www.articlecube.com