General Penetration Testing Framework

Kali Linux is a versatile operating system that comes with a number of security assessment and penetration testing tools. Deriving and practicing these tools without a proper framework can lead to unsuccessful testing and might produce unsatisfied results. Thus, formalizing the security testing with a structured framework is extremely important from a technical and managerial perspective.  The general testing framework presented in this section will constitute both the black box and white box approaches. It offers you a basic overview...

Read More

Vulnerability Assessment vs Penetration Testing

There is always a need to understand and practice the correct terminology for security assessment. Throughout your career, you may run into commercial grade companies and non-commercial organizations that are likely to misinterpret the term penetration testing when trying to select an assessment type. It is important that you understand the differences between these types of tests. Vulnerability assessment is a process to assess the internal...

Read More

Penetration Testing Methodology

Penetration testing, often abbreviated as pentest, is a process that is followed to conduct an in-depth security assessment or audit. A methodology defines a set of rules, practices, and procedures that are pursued and implemented during the course of any information security audit program. A penetration testing methodology defines a roadmap with practical ideas and proven practices that can be followed to assess the true security posture of a network, application, system, or any combination thereof. This chapter offers summaries of several key...

Read More

Mengelola Program Audit

Program audit dapat mencakup pertimbangan satu atau lebih standar sistem manajemen audit, yang dilakukan baik secara terpisah atau dalam kombinasi.Manajemen harus memastikan bahwa tujuan program audit ditetapkan dan menetapkan satu atau orang yang lebih kompeten untuk mengelola program audit. Luasnya program audit harus didasarkan pada ukuran dan sifat dari organisasi yang diaudit, serta pada sifat, fungsi, kompleksitas dan tingkat kematangan...

Read More

Prinsip Audit

Auditor ketika melakukan kegiatan audit mempunyai beberapa prinsip atau kaidah audit, yaitu:  1. Integritas adalah dasar profesionalisme Auditor dan orang yang mengelola program audit harus:  Melakukan pekerjaan mereka dengan kejujuran, ketekunan, dan tanggung jawab. Mengamati dan mematuhi persyaratan hukum yang berlaku. Menunjukkan kompetensi mereka saat melakukan pekerjaan mereka. Melakukan pekerjaan mereka dengan cara yang tidak...

Read More