
Chapter 2. Access Control > Penetration Testing

2.5. Penetration Testing

Penetration testing evaluates the resistance of an information system to attacks that can result in unauthorized access; that is, it measures how robust the system's defenses are in the face of a determined cracker. The penetration test, or ethical hacking as it is sometimes known, is conducted either to obtain a high-level evaluation of a system's defenses or to perform a detailed analysis of the information system's weaknesses. A penetration test can determine how a system reacts to an attack, whether a system's defenses can be breached, and what information can be acquired from the system. There are three general types of penetration tests:

  1. Full-knowledge test. The penetration testing team has as much knowledge as possible about the information system to be evaluated. This type of test simulates the type of attack that might be mounted by a knowledgeable employee of an organization.

  2. Partial-knowledge test. The testing team has knowledge that might be relevant to a specific type of attack. The testing personnel are provided with some information related to the specific type of vulnerability that the test is intended to examine.

  3. Zero-knowledge test. The testing team is provided with no information and begins the testing by gathering information on its own initiative.

