Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.
Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.
The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization's security policy compliance, its employees' security awareness and the organization's ability to identify and respond to security incidents.
Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in.
Pen test strategies include:
Targeted testing
Targeted testing is performed by the organization's IT team and the penetration testing team working together. It's sometimes referred to as a "lights-turned-on" approach because everyone can see the test being carried out.
External testing
This type of pen test targets a company's externally visible servers or devices including domain name servers (DNS), e-mail servers, Web servers or firewalls. The objective is to find out if an outside attacker can get in and how far they can get in once they've gained access.
Internal testing
This test mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.
Blind testing
A blind test strategy simulates the actions and procedures of a real attacker by severely limiting the information given beforehand to the person or team performing the test. Typically, they may only be given the name of the company. Because this type of test can require a considerable amount of time for reconnaissance, it can be expensive.
Double blind testing
Double blind testing takes the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted. Double-blind tests can be useful for testing an organization's security monitoring and incident identification as well as its response procedures.
Torture test
A torture test is an evaluation of an item's ability to withstand extreme conditions. Such tests may be conducted by product manufacturers, reviewers, and even end users. Typically, a torture test subjects the item in question to a number of severe trials that far surpass anything it would be likely to encounter in real-world usage.
Torture tests for computers usually force your CPU to work at 100% of its capacity for an extended period of time, to evaluate how well the CPU, cooling system, and power supply are working. One of the best known torture tests for computers is Prime95, a program designed to find Mersenne prime numbers. Some benchmarking products, such as SiSoftware's Sandra, also include a torture test mode.
Regression test
Getting started with regression testing
To explore how regression testing is used in the enterprise, here are some additional resources for learning about software quality assurance tools:
Software testing fundamentals - Regression testing: Regression testing ensures that little changes don't break software. Good regression testers need to know what they're looking for, and this guide explains how.
Regression testing is more than retesting: Regression testing is a necessary component to any software development lifecycle. Expert Mike Kelly explains the motivations for conducting regression tests.
How to conduct regression tests: If regression testing is part of your test plan, here is some advice you should follow. Expert Mike Kelly explains how to properly conduct such testing.
Smoke Test
Smoke testing is non-exhaustive software testing, ascertaining that the most crucial functions of a program work, but not bothering with finer details. The term comes to software testing from a similarly basic type of hardware testing, in which the device passed the test if it didn't catch fire the first time it was turned on. A daily build and smoke test is among industry best practices advocated by the IEEE (Institute of Electrical and Electronics Engineers).
The original version of smoke testing predates both hardware and software testing and is still used to test the integrity of a variety of systems by placing a smoke bomb inside some kind of a chamber to see if there are any leaks for the smoke to escape through.
Automated test
Automated test equipment (ATE) is computer-controlled equipment that tests electronic devices for functionality and performance. ATE also conducts stress testing with minimal human interaction. ATE includes the control hardware, sensors, and software that collects and analyzes the test results. ATE is considered cost efficient for high-volume testing.
Automated test equipment uses a range of sensing techniques, including machine vision. In addition to the semiconductor industry, ATE is used in the automotive, medical equipment, airplane, and other manufacturing industries.
Performance testing
Performance testing is the process of determining the speed or effectiveness of a computer, network, software program or device. This process can involve quantitative tests done in a lab, such as measuring the response time or the number of MIPS (millions of instructions per second) at which a system functions. Qualitative attributes such as reliability, scalability and interoperability may also be evaluated. Performance testing is often done in conjunction with stress testing.
Performance testing can verify that a system meets the specifications claimed by its manufacturer or vendor. The process can compare two or more devices or programs in terms of parameters such as speed, data transfer rate, bandwidth, throughput, efficiency or reliability.
Performance testing can also be used as a diagnostic aid in locating communications bottlenecks. Often a system will work much better if a problem is resolved at a single point or in a single component. For example, even the fastest computer will function poorly on today's Web if the connection occurs at only 40 to 50 Kbps (kilobits per second).
Slow data transfer rate may be inherent in hardware but can also result from software-related problems, such as:
Too many applications running at the same time
A corrupted file in a Web browser
A security exploit
Heavy-handed antivirus software
The existence of active malware on the hard disk.
Effective performance testing can quickly identify the nature or location of a software-related performance problem.
Getting started with performance testing
To explore how performance testing is used in the enterprise, here are some additional resources for learning about performance testing:
What is performance testing? Determining what exactly performance testing is proves to be more difficult than you'd expect. Testing expert Scott Barber attempts to pinpoint a definition while recognizing that it may be impossible for the industry to settle on one set explanation.
Software testing fundamentals: Performance testing: Software performance testing is crucial to software development and very easy to mess up. These tips and expert opinions illustrate how to conduct performance tests effectively.
Three tips for successful application performance testing: Testing database-backed applications for performance can be a daunting task. But you can make it easier on yourself if you follow these three tips.