Showing posts from December, 2017

Web-Penetration

Have you heard the term "Web Penetration" before and want to know what it is and how it relates to you? Then here you go... Web penetration is an authorised (legal), simulated (more or less like real) attack on a system to check its vulnerability to cyber attacks. It is a component of a Security Audit. It comprises two parts: "Discover the vulnerabilities" (legal) and "Exploit the vulnerabilities" (illegal). It determines whether unauthorised access or other malicious activity is actually possible or not. Sounds interesting, doesn't it? Vulnerability Assessment is an essential part of Web penetration. There exist many testing techniques, e.g. Fuzzing (cool name, huh!! Well, it's a part of vulnerability assessment) is a software testing technique in which random or invalid data is fed to a program to provoke invalid behaviour, checking the program for failures of built-in code assertions and potential memory leaks. And as all the import...

Information Technology Security Audit.

It is a systematic, measurable technical assessment of systems or applications. It consists of manual as well as automated assessments. The manual assessments include interviewing the staff who handle the vulnerability checks on the systems as well as those who handle physical access to the system. The automated assessments include system-generated audit reports or monitoring using software. It is all managed through CAATs or CAATTs (Computer Aided Audit Techniques or Computer Aided Audit Tools and Techniques). It is supported by most current enterprise operating systems due to the requirements of the “Common Criteria” (international standards for the operating systems related to security systems). These audits are generally performed by certified accountants, holders of the CISA (Certified Information Systems Auditor) certification offered by ISACA (Information Systems Audit and Control Association), external auditors, consultants, etc.