Penetration testing - Evaluating the security of a computer system or network by hacking. Basically, it is an analysis of system for any potential vulnerabilities that may result from any of the following:

• Poor or improper system configuration
• Known and / or unknown hardware or software flaws
• Operational weaknesses in process
• Technical countermeasures

In other words, we can say that it is the process of actively evaluating your information security measures.

Importance of Penetration Testing:

• It prevents financial loss through from hackers or extortionists or disgruntled employees
• It prevents financial loss through unreliable business systems and processes
• From an operational perspective, penetration testing helps shape information security strategy.
• It protects your brand by avoiding loss of consumer confidence and business reputation.

Below are some common areas that can be tested in Penetration Testing:

• Telephony or remote access
• Products such as operating systems, applications, databases, networking equipment etc.
• Custom build dynamic web sites or in-house applications etc.
• WIFI, Bluetooth, IR, GSM or any other wireless devices etc.Access control devices etc.

However, you do not need to test all of the above mentioned areas. Do a risk analysis to find the main threats.

Selecting Penetration Testing Software: Before you select Penetration Testing Software, you will need to identify the types of tests that are required. (As tests may vary from application to application).

Example of Penetration Testing Software which is good to use for varity of penetration tests is DevPartner Studio Professional Edition. It is an award-winning suite of software development and testing tools that enable Windows application teams to build reliable, high-performance applications, components and web services for Microsoft .NET and native Windows platforms. You can download it from below URL:

http://www.compuware.com/products/devpartner/studio.htm

If you would like to use some third party Software Testing Services for penetration testing, below are some important points that you need to remember while selecting the vendor:

• Eliminate the supplier who provided the systems that will be tested.
• Is security assessment their core business?
• How long have they been providing penetration testing software services?
• Do they offer a range of services that can be tailored to your specific needs?
• Do they perform their own research?
• How experienced are the proposed testing team and do they hold professional certifications?
• Are they recognised good contributors within the penetration testing software services?
• What is their policy on information security and confidentiality?
• Are they ready to do a legal agreement that will protect you from negligence on behalf of the supplier?

Also See:

• Security Testing
• Network Protocol Testing
• Testing Client Server Applications