Loading ...Talha Ghafoor, the Technical Editor for CIO Pakistan and CSO Pakistan, walks you through the basics of Penetration Testing on a Linux server so you can assess the vulnerabilities in your network or server and fix them before they become a real problem! Take it away Talha!
If you are looking at other episodes of Hands on, you’ll find them here. Please leave your feedback, comments and suggestions!
@Qazi,
Thanks for mentioning and I agree with you. Although there is a difference, but I just wanted to keep it simpler for audience.
There are many suites of automated tools and online services available that deal with both at same time. And as a PCI Auditor, I also deal with both at same time and the official term we use for both is “Network Scanning”.
What you have posted here is Vulnerability Assessment and not Penetration Testing and yes, there is a huge difference in both.
Nessus is a vulnerability scanning tool which only identifies “possible” security vulnerabilities (with a hell lot of false +/-).
Vulnerability Assessment checks for the visible/obvious security issues but Penetration Testing goes further and not only identifies security vulnerabilities but also exploits them to demonstrate an actual hacker attack and includes steps such as footprinting, scanning, enumeration, sniffing, packet inspection, password cracking, bufferover flow attacks, exploitation, backdoor, denial of service, erase logs, patch and report to name a few activities.