introduction of ethical hacking


Scodenetworkinstitute1115

Uploaded on Aug 16, 2022

Category Education

Ethical hacking is becoming more popular with the rise of the internet and an increasingly tech-fueled society. SCODE Network offers ethical hacking training courses with live projects led by an expert trainer.


Introduction of Ethical Hacking

Chapter 1: Introduction to Ethical Hacking

Technology Brief

Information Security Overview

Information security covers the methods and processes that protect information and information systems from unauthorized access, disclosure, use or modification. It ensures confidentiality, integrity, and availability. An organization without security policies and appropriate security rules is at great risk, and its confidential information and data are not secure in the absence of those policies. An organization with well-defined security policies and procedures is better able to protect its assets from unauthorized access and disclosure.

In the modern world, with the latest technologies and platforms, millions of users interact with each other every minute. Each of those sixty seconds can be vulnerable and costly to private and public organizations because of the many old and modern threats present all over the world. The public internet is the most common and rapid channel for spreading threats. Malicious code and scripts, viruses, spam, and malware are always waiting for you. That is why the security risk to a network or a system can never be eliminated. It is always a great challenge to implement a security policy that is effective and beneficial to the organization, instead of an unnecessary security implementation that wastes resources and creates loopholes for threats.

Google Play Hack

A Turkish hacker, Ibrahim Balic, hacked Google Play twice. He admitted responsibility for the Google Play attack. It was not his first attempt; he claimed that he was also behind the attack on Apple's developer site. He tested vulnerabilities in Google's Developer Console and found a flaw in the Android operating system, which he tested twice to make sure that it caused a crash again and again.
The Home Depot Data Breach

Theft of information from payment cards, such as credit cards, is common nowadays. In 2014, Home Depot's point-of-sale systems were compromised. A statement released by Home Depot on the 8th of September 2014 announced a breach of their systems.

Essential Terminology

Hack Value
The term Hack Value refers to a value that denotes attractiveness, interest or worthiness. It describes the target's level of attractiveness to the hacker.

Zero-Day Attack
A zero-day attack refers to threats and vulnerabilities that can be exploited against the victim before the developer identifies or addresses them and releases a patch for that vulnerability.

Vulnerability
A vulnerability is a weak point, loophole or flaw in a system or network that attackers can use to get through it. Any vulnerability can be an entry point for reaching the target.

Daisy Chaining
Daisy chaining is a sequential process of several hacking or attacking attempts to gain access to networks or systems, one after another, using the same information and the information obtained from the previous attempt.

Payload
In networking, the payload is the actual section of information or data in a frame, as opposed to automatically generated metadata. In information security, the payload is the part of malicious or exploit code that causes the potentially harmful activity, such as running an exploit or opening a backdoor.

Bot
Bots are software used to control a target remotely and to execute predefined tasks. Bots are also known as Internet bots or web robots. They can be used for social purposes such as chatterbots, for commercial purposes, or for malicious purposes such as spambots, viruses, etc.

Elements of Information Security

Confidentiality
We want to make sure that our secret and sensitive data is secure. Confidentiality means that only authorized persons can work with and see our infrastructure's digital resources. It also implies that unauthorized persons should not have any access to the data.

Integrity
We do not want our data to be accessible to or manipulated by unauthorized persons. Data integrity ensures that only authorized parties can modify data.

Table 1-01: Risk and Its Protection by Implementing CIA

Security concept (CIA) | Risk | Control
Confidentiality | Loss of privacy; unauthorized access to information; identity theft | Encryption; authentication; access control
Integrity | Information is no longer reliable or accurate; fraud | Maker/checker; quality assurance; audit logs
Availability | Business disruption; loss of customer's confidence; loss of revenue | Business continuity plans and tests; backup storage; sufficient capacity

Authenticity
Authentication is the process that identifies a user or device in order to grant privileges and access according to certain rules and policies. Similarly, authenticity ensures that a piece of information or a message transaction originates from the valid user who claims to be its source. Authenticity can be achieved through the authentication process, using the combination of identities and passwords.

Figure 1-1 Elements of Information Security

Non-Repudiation
Non-repudiation is one of the Information Assurance (IA) pillars; it guarantees the transmission and receipt of information between the sender and the receiver via techniques such as digital signatures and encryption. Non-repudiation is the assurance of the communication and its authenticity, so that the sender cannot deny what he sent and, similarly, the receiver cannot deny having received it. Digital contracts, signatures and email messages use non-repudiation techniques.

The Security, Functionality, and Usability Triangle

In a system, the level of security is a measure of the strength of security in the system, set against its functionality and usability. These three components are known as the Security, Functionality and Usability triangle. Consider a ball in this triangle: if the ball is centered, all three components are equally strong; if the ball is closer to security, the system is consuming more resources on security, and the features, functions and usability of the system need attention. A secure system must provide strong protection while still offering all services, features and usability to the user.

Figure 1-2 Security, Functionality & Usability Triangle

Implementing a high level of security typically reduces functionality and ease of use: the system becomes less user-friendly and its performance decreases. While developing an application or deploying security in a system, security experts must keep functionality and ease of usability in mind. These three components of the triangle must be balanced.

Information Security Threats and Attack Vectors

Motives, Goals, and Objectives of Information Security Attacks

In the information security world, an attack on a target system has three main components behind it. The "motive or objective" of an attack makes an attacker focus on attacking a particular system. Another major component is the "method" the attacker uses to gain access to the target system. A vulnerability also helps the attacker fulfill his intentions. These three components are the major blocks on which an attack depends.

Top Information Security Attack Vectors

Cloud Computing Threats
Cloud computing is the most common and popular trend in use nowadays. That does not mean that threats to cloud computing or cloud security are fewer: mostly, the same issues that exist in traditionally hosted environments also exist in cloud computing. It is very important to secure cloud computing in order to protect services and important data.
Characteristics of APT

The criteria that characterize an APT are:

Characteristic | Description
Objectives | Motive or goal of the threat
Timeliness | Time spent in probing and accessing the target
Resources | Level of knowledge and tools
Risk tolerance | Tolerance for remaining undetected
Skills & methods | Tools and techniques used throughout the event
Actions | Precise action of the threat
Attack origination points | Number of origination points
Numbers involved in attack | Number of internal and external systems involved
Knowledge source | Discern information regarding threats

Insider Attack
An insider attack is an attack performed on a system, within a corporate network, by a trusted person. The trusted user is termed an insider because the insider has privileges and is authorized to access network resources.

Information Security Threat Categories

Information security threat categories are as follows:

Network Threats
The primary components of network infrastructure are routers, switches, and firewalls. These devices not only perform routing and other network operations; they also control and protect the running applications, servers, and devices from attacks and intrusions. A poorly configured device gives an intruder something to exploit. Common vulnerabilities on the network include default installation settings, open access controls, weak encryption and passwords, and devices lacking the latest security patches. Top network-level threats include:
• Information gathering
• Sniffing & eavesdropping
• Spoofing
• Session hijacking
• Man-in-the-Middle attack
• DNS & ARP poisoning
• Password-based attacks
• Denial-of-Service attacks
• Compromised-key attacks
• Firewall & IDS attacks

Host Threats
Host threats are focused on system software; applications are built on or run over this software, such as Windows 2000, the .NET Framework, SQL Server, and others. Host-level threats include:
• Malware attacks
• Footprinting
• Password attacks
• Denial-of-Service attacks
• Arbitrary code execution

Application Threats
The best practice for analyzing application threats is to organize them by application vulnerability category. The main threats to an application are:
• Improper data / input validation
• Authentication & authorization attacks
• Security misconfiguration
• Information disclosure
• Broken session management
• Improper error handling & exception management

Types of Attacks on a System

Operating System Attacks
In operating system attacks, attackers always search for an operating system's vulnerabilities. If they find a vulnerability in an operating system, they exploit it to attack the operating system. Some of the most common vulnerabilities of an operating system are:

Buffer overflow vulnerabilities
Buffer overflow is one of the major types of operating system attack and is related to software exploitation attacks. A buffer overflow occurs when a program or application does not have well-defined boundaries, such as restrictions or a pre-defined functional area, regarding the capacity of data it can handle or the type of data that can be input.

Bugs in the operating system
In software exploitation attacks and bugs in software, the attacker tries to exploit vulnerabilities in the software. Such a vulnerability may be a mistake the developer made while writing the program code. Attackers discover these mistakes and use them to gain access to the system.

Unpatched operating system
An unpatched operating system allows malicious activities, or cannot completely block malicious traffic into a system. A successful intrusion can have a severe impact in the form of compromised sensitive information, data loss and disruption of regular operations.

Misconfiguration Attacks
In a corporate network, while installing new devices, the administrator must change the default configuration. If devices are left on their default configuration, using default credentials, any user who has connectivity to the device but no privileges to access it can nevertheless access it.

Application-Level Attacks
Before releasing an application, the developer must make sure to test and verify it from the manufacturer's or developer's end. In an application-level attack, a hacker can use:
• Buffer overflow
• Active content
• Cross-site scripting

Shrink Wrap Code Attacks
A shrink wrap code attack is a type of attack in which the hacker uses the shrink wrap code method to gain access to a system. In this type of attack, the hacker exploits holes in unpatched operating systems and poorly configured software and applications. To understand shrink wrap vulnerabilities, consider an operating system that has a bug in its original software version. The vendor may have released an update, but the most critical time is between the release of the patch by the vendor and the update of the client's systems.

Information Warfare

Information warfare is a concept of warfare that involves the contest over information, to gain the most from information. The term "Information Warfare" or "InfoWar" describes the use of information and communication technology (ICT). The major reason for or focus of this information war is to gain a competitive advantage over the opponent or enemy. Information warfare is classified into two classes:

1. Defensive Information Warfare
The term defensive information warfare refers to all defensive actions taken to defend against attacks that steal information and information-based processes.
Defensive information warfare areas are:
• Prevention
• Deterrence
• Indication & warning
• Detection
• Emergency preparedness
• Response

Hacking Concepts, Types, and Phases

Hacker
A hacker is someone who is smart enough to steal information such as business data, personal data, financial information, credit card information, usernames and passwords from a system he is not authorized to obtain it from, by taking unauthorized control over that system using different techniques and tools.

Hacking
The term "hacking" in information security refers to exploiting the vulnerabilities in a system and compromising its security to gain unauthorized command and control over the system's resources. The following are the five phases of hacking:
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks

Reconnaissance
Reconnaissance is the initial preparation phase, in which the attacker gets ready for an attack by gathering information about the target, using different tools and techniques, before launching the attack. Gathering information about the target makes the attack easier, even on a large scale; similarly, on a large scale it helps to identify the target range.

Scanning
The scanning phase is a pre-attack phase. In this phase, the attacker scans the network using the information acquired during the initial reconnaissance phase. Scanning tools include diallers, scanners such as port scanners and network mappers, client tools such as ping, as well as vulnerability scanners.

Gaining Access
The gaining access phase of hacking is the point where the hacker gets control over an operating system, application or computer network. The control gained by the attacker defines the access level, such as operating system level, application level or network level access.

Maintaining Access / Escalation of Privilege
The maintaining access phase is the point when an attacker tries to maintain access, ownership and control over the compromised systems. Similarly, the attacker prevents the compromised system from being owned by any other hacker. Attackers use backdoors, rootkits or trojans to retain their ownership. In this phase, an attacker may steal information by uploading it to a remote server, download files onto the resident system, and manipulate data and configuration. The attacker also uses the compromised system to launch attacks against other systems.

Clearing Tracks
An attacker must hide his identity by covering his tracks. Covering tracks comprises the activities carried out to hide malicious activity. It is most important for an attacker who wants to fulfill his intentions by continuing to access the compromised system, remaining undetected and unnoticed, gaining what he wants, and wiping all evidence that indicates his identity. To manipulate the identity and evidence, the attacker overwrites system, application, and other related logs to avoid suspicion.

Ethical Hacking Concepts and Scope

Ethical Hacking
Ethical hacking and penetration testing are common terms that have been popular in the information security environment for a long time. The increase in cybercrime and hacking over the last decade has created a great challenge for security experts, analysts and regulators. It is an ongoing war between hackers and security professionals.

Why Ethical Hacking is Necessary
The rise in malicious activities and cybercrime and the appearance of different forms of advanced attacks create the need for penetration testers, who penetrate the security of systems and networks in order to determine, prepare and take precautions and remediation actions against these aggressive attacks. These aggressive and advanced attacks include:
• Denial-of-Service attacks
• Manipulation of data
• Identity theft
• Vandalism
• Credit card theft
• Piracy
• Theft of services
These types of attacks, hacking cases, and cyber-attacks have increased because of the growth of online transactions and online services in the last decade.
Scope and Limitations of Ethical Hacking

Ethical hacking is an important and crucial component of risk assessment, auditing, and counter-fraud. Ethical hacking is widely used as penetration testing to identify vulnerabilities and risks and to highlight the holes, so that remedial actions can be taken against attacks. However, there are also some limitations: in some cases ethical hacking is not enough, or an issue cannot be resolved through ethical hacking alone. An organization must first know what it is looking for before hiring an external pentester. This helps focus the goals to achieve and saves time.

Phases of Ethical Hacking

Ethical hacking is the combination of the following phases:
1. Footprinting & Reconnaissance
2. Scanning
3. Enumeration
4. System Hacking
5. Escalation of Privileges
6. Covering Tracks

Skills of an Ethical Hacker

A skilled, ethical hacker has a set of technical and non-technical skills.

Technical Skills
1. An ethical hacker has in-depth knowledge of almost all operating systems, including all popular, widely used operating systems such as Windows, Linux, Unix, and Macintosh.
2. Ethical hackers are skilled at networking, its basic and detailed concepts and technologies, and at exploring the capabilities of hardware and software.
3. Ethical hackers must have a strong command of security areas, related issues, and technical domains.
4. They must have detailed knowledge of older as well as advanced, sophisticated attacks.

Non-Technical Skills
1. Learning ability
2. Problem-solving skills
3. Communication skills
4. Commitment to security policies
5. Awareness of laws, standards, and regulations

Mind Map

Information Security Controls

Information Assurance (IA)
Information Assurance, known in short as IA, depends upon the components Integrity, Availability, Confidentiality, and Authenticity. With the combination of these components, information and information systems are assured and protected during processing, usage, storage, and communication. These components were defined earlier in this chapter. Apart from these components, some methods and processes also help in achieving information assurance, such as:
• Policies and processes
• Network authentication
• User authentication
• Network vulnerabilities
• Identifying problems and resources
• Implementation of a plan for identified requirements
• Application of information assurance controls

Information Security Management Program
Information security management programs are programs specially designed to reduce the risks and vulnerabilities in the information security environment and to train the organization and its users to work in a less vulnerable state. Information security management is a combined management solution for achieving the required level of information security using well-defined security policies, classification processes, reporting, management and standards. The diagram on the next page shows the EC-Council defined Information Security Management Framework.

Threat Modeling
Threat modeling is the process or approach of identifying, diagnosing, and assessing the threats and vulnerabilities of a system. It is an approach to risk management that focuses on analyzing system security and application security against security objectives. This identification of threats and risks helps to focus and take action on an event to achieve the goals. It involves capturing data about an organization and applying identification and assessment processes to the captured information, to analyze what can impact the security of an application. The application overview includes identifying the application's trust boundaries and data flows.
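The threat modeling step above (application overview, trust boundaries, data flows) can be made concrete with a small script. This is an added example, not code from the chapter: the zones, components and flows are constructed, and each flow that crosses a trust boundary is checked against the risk/control pairs from Table 1-01 (encryption, authentication, audit logs).

```python
"""Added example: a minimal threat-model walk over constructed data flows.
Flows that cross a trust boundary are checked for the protection that
the security element at risk requires."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Component:
    name: str
    zone: str  # constructed trust zones: "internet", "dmz", "internal"


@dataclass(frozen=True)
class Flow:
    src: Component
    dst: Component
    data: str
    sensitive: bool      # carries confidential data (card numbers, credentials, ...)
    encrypted: bool      # protected in transit
    authenticated: bool  # receiver verifies who the sender is
    logged: bool         # an audit record of the transaction is kept


@dataclass(frozen=True)
class Finding:
    flow: str
    element: str   # security element at risk
    threat: str    # threat named in the chapter's threat lists / table
    control: str   # control the chapter pairs with that risk


def crosses_trust_boundary(flow: Flow) -> bool:
    """A flow crosses a trust boundary when its endpoints sit in different zones."""
    return flow.src.zone != flow.dst.zone


def identify_threats(flows: List[Flow]) -> List[Finding]:
    """Apply the risk/control pairs to every boundary-crossing flow."""
    findings: List[Finding] = []
    for f in flows:
        if not crosses_trust_boundary(f):
            continue  # same zone: no boundary is crossed, nothing to record
        label = f"{f.src.name} -> {f.dst.name} ({f.data})"
        if f.sensitive and not f.encrypted:
            findings.append(Finding(label, "confidentiality",
                                    "sniffing / unauthorized access to information",
                                    "encryption"))
        if not f.authenticated:
            findings.append(Finding(label, "authenticity", "spoofing", "authentication"))
        if not f.logged:
            findings.append(Finding(label, "non-repudiation",
                                    "a party can deny sending or receiving the data",
                                    "audit logs"))
    return findings


def findings_by_element(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per security element, a simple basis for prioritisation."""
    counts: Dict[str, int] = {}
    for fd in findings:
        counts[fd.element] = counts.get(fd.element, 0) + 1
    return counts


# Constructed application overview: three zones, four data flows.
BROWSER = Component("customer browser", "internet")
WEB = Component("web front end", "dmz")
DB = Component("order database", "internal")
BACKUP = Component("backup server", "internal")
SAMPLE_FLOWS = [
    Flow(BROWSER, WEB, "card number", sensitive=True, encrypted=True, authenticated=True, logged=True),
    Flow(WEB, DB, "order record", sensitive=True, encrypted=False, authenticated=True, logged=False),
    Flow(WEB, DB, "catalogue query", sensitive=False, encrypted=False, authenticated=False, logged=True),
    Flow(DB, BACKUP, "nightly dump", sensitive=True, encrypted=False, authenticated=False, logged=False),
]

if __name__ == "__main__":
    results = identify_threats(SAMPLE_FLOWS)
    for fd in results:
        print(f"[{fd.element}] {fd.flow}: {fd.threat}; control: {fd.control}")
    print(findings_by_element(results))
```

Note that the DB-to-backup flow is silently skipped because both endpoints share a zone; a real review would still examine it, since an unencrypted, unlogged dump inside one zone is exactly what an insider attack reaches.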
Enterprise Information Security Architecture (EISA)
Enterprise Information Security Architecture is the combination of requirements and processes that help in determining, investigating and monitoring the structure and behavior of an information system. The following are the goals of EISA:

Network Security Zoning
Managing and deploying the architecture of an organization in different security zones is called network security zoning. These security zones are sets of network devices having a specific security level. Different security zones may have similar or different security levels. Defining different security zones with their security levels helps in monitoring and controlling inbound and outbound traffic across the network.

Information Security Policies
Information security policies are the fundamental and most depended-upon component of the information security infrastructure. Fundamental security requirements, conditions and rules are configured to be enforced in an information security policy to secure the organization's resources. These policies cover the outlines of management, administration and security requirements within an information security architecture. The basic goals and objectives of information security policies are:
• Cover the security requirements and conditions of the organization
• Protect the organization's resources
• Eliminate legal liabilities
• Minimize the wastage of resources
• Prevent unauthorized access / modification
• Minimize risk
• Information assurance

Types of Security Policies
The different types of security policies are as follows:
1. Promiscuous policy
2. Permissive policy
3. Prudent policy
4. Paranoid policy

Promiscuous policy
The promiscuous policy has no restrictions on the usage of system resources.

Permissive policy
The permissive policy restricts only widely known, dangerous attacks or behavior.

Prudent policy
The prudent policy ensures the maximum and strongest security among these. However, it allows known, necessary risks, blocking all other services except individually enabled services. Every event is logged under a prudent policy.

Paranoid policy
The paranoid policy denies everything, limiting internet usage.

Implications for Security Policy Enforcement

HR & Legal Implications of Security Policies
The HR department has the responsibility of making sure the organization is aware of security policies, as well as providing sufficient training.

Physical Security
Physical security is always the top priority in securing anything. In information security it is also considered important and regarded as the first layer of protection. Physical security includes protection against human-made attacks such as theft, damage and unauthorized physical access, as well as environmental impacts such as rain, dust, power failure and fire.

Incident Management
Incident response management is the procedure and method of handling an incident that occurs. This incident may be any specific violation of a condition, policy, or anything else. Similarly, in information security, incident responses are the remediation actions or steps taken in response to an incident, from the identification of an event, threat or attack to its removal or elimination (when the system becomes stable, secure and functional again). Incident response management defines the roles and responsibilities of penetration testers, users or employees of an organization. Additionally, incident response management defines the actions required when a system is facing a threat to its confidentiality, integrity, authenticity or availability, depending upon the threat level. Initially, the important thing to remember is that when a system is dealing with an attack, it requires sophisticated, dedicated troubleshooting by an expert.

Incident Management Process
Incident response management processes include:
1. Preparation for incident response
2. Detection and analysis of incident response
3. Classification of the incident and its prioritization
4. Notification and announcements
5. Containment
6. Forensic investigation of the incident
7. Eradication and recovery
8. Post-incident activities

Responsibilities of the Incident Response Team
The incident response team consists of members who are well aware of how to deal with incidents. The response team consists of trained officials who are expert in collecting information and securing all evidence of an attack from the affected system. As far as membership of the incident response team is concerned, it includes IT personnel, HR, public relations officers, local law enforcement, and the Chief Security Officer.

Vulnerability Assessment
Vulnerability assessment is the procedure of examining, identifying, and analyzing the abilities of a system or application, including the security processes running on the system, to withstand any threat. Through vulnerability assessment, you can identify weaknesses and threats to a system, scope a vulnerability, and estimate the requirement for and effectiveness of any additional security layer.

Types of Vulnerability Assessment
The following are the types of vulnerability assessment:
1. Active assessment
2. Passive assessment
3. Host-based assessment
4. Internal assessment
5. External assessment
6. Network assessment
7. Wireless network assessment
8. Application assessment

Network Vulnerability Assessment Methodology
Network vulnerability assessment is an examination of the possibilities of an attack and the vulnerabilities of a network. The following are the phases of vulnerability assessment:
1. Acquisition
2. Identification
3. Analyzing
4. Evaluation
5. Generating Reports

Acquisition
The acquisition phase compares and reviews previously identified vulnerabilities, laws, and procedures that are related to network vulnerability assessment.
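The four security policy types described earlier (promiscuous, permissive, prudent, paranoid) differ mainly in their default decision and in what they log. The following added example, not code from the chapter, compiles each type into an ordered first-match rule chain and runs the same constructed traffic through all four; the service names and the "known dangerous" list are constructed for the example.

```python
"""Added example: the four security policy types as first-match rule chains,
evaluated against constructed traffic."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Constructed: services whose exposure is treated as widely known, dangerous behaviour.
KNOWN_DANGEROUS: FrozenSet[str] = frozenset({"telnet", "rsh", "tftp"})

POLICY_TYPES = ("promiscuous", "permissive", "prudent", "paranoid")


@dataclass(frozen=True)
class Rule:
    service: str       # service name, or "*" for any service
    action: str        # "ACCEPT" or "DROP"
    log: bool = False  # write an audit record when this rule fires


def build_chain(policy: str, enabled: FrozenSet[str] = frozenset()) -> List[Rule]:
    """Translate a policy type into an ordered rule chain ending in a default rule."""
    if policy == "promiscuous":
        # no restriction on the usage of system resources
        return [Rule("*", "ACCEPT")]
    if policy == "permissive":
        # only widely known, dangerous behaviour is blocked; everything else passes
        return [Rule(s, "DROP") for s in sorted(KNOWN_DANGEROUS)] + [Rule("*", "ACCEPT")]
    if policy == "prudent":
        # only individually enabled services pass (known, necessary risks);
        # everything else is blocked, and every event is logged
        return [Rule(s, "ACCEPT", log=True) for s in sorted(enabled)] + [Rule("*", "DROP", log=True)]
    if policy == "paranoid":
        # everything is denied
        return [Rule("*", "DROP")]
    raise ValueError(f"unknown policy type: {policy}")


def evaluate(chain: List[Rule], service: str, audit: List[str]) -> str:
    """The first matching rule decides; logging rules append to the audit trail."""
    for rule in chain:
        if rule.service in ("*", service):
            if rule.log:
                audit.append(f"{service} {rule.action}")
            return rule.action
    return "DROP"  # unreachable: every chain ends in a wildcard rule


def compare_policies(traffic: List[str], enabled: FrozenSet[str]) -> Dict[str, Dict[str, str]]:
    """Decision per policy type for each requested service."""
    result: Dict[str, Dict[str, str]] = {}
    for policy in POLICY_TYPES:
        chain = build_chain(policy, enabled)
        audit: List[str] = []
        result[policy] = {svc: evaluate(chain, svc, audit) for svc in traffic}
    return result


def prudent_audit(traffic: List[str], enabled: FrozenSet[str]) -> List[str]:
    """The audit trail a prudent policy produces for the same traffic."""
    audit: List[str] = []
    chain = build_chain("prudent", enabled)
    for svc in traffic:
        evaluate(chain, svc, audit)
    return audit


# Constructed traffic sample and the services the organization has individually enabled.
SAMPLE_TRAFFIC = ["https", "telnet", "smb", "ssh"]
ENABLED = frozenset({"https", "ssh"})

if __name__ == "__main__":
    for policy, decisions in compare_policies(SAMPLE_TRAFFIC, ENABLED).items():
        print(f"{policy:12s} {decisions}")
    print("prudent audit:", prudent_audit(SAMPLE_TRAFFIC, ENABLED))
```

The permissive chain only ever catches services already on the dangerous list, so a service nobody thought to list (smb here) passes; the prudent chain drops it by default and records the decision, which is what makes it the strongest practical choice of the four.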
Identification
In the identification phase, the assessor interacts with customers, employees, administrators or other people involved in designing the network architecture to gather technical information.

Analyzing
The analyzing phase reviews the gathered information, in the form of a collection of documentation or one-to-one interaction. The analyzing phase basically consists of:
• Reviewing information
• Analyzing the results of previously identified vulnerabilities
• Risk assessment
• Vulnerability and risk analysis
• Evaluation of the effectiveness of existing security policies

Evaluation
The evaluation phase includes:
• Inspection of identified vulnerabilities
• Identification of flaws and gaps in existing and required security
• Determination of the security controls required to resolve the vulnerabilities
• Identifying modifications and upgrades

Generating Reports
The reporting phase is the documentation of a draft report required for future inspection. This report helps identify vulnerabilities in the acquisition phase. Audits and penetration tests also require these previously collected reports. When any modification to the security mechanism is required, these reports help in designing the security infrastructure. Central databases usually hold these reports. Reports contain:
• Tasks done by each member of the team
• Methods and tools used
• Findings
• Recommendations
• Information collected from the different phases

Mind Map

Penetration Testing

Technology Overview
In the ethical hacking environment, the most commonly used term is "pentester." Pentesters are penetration testers who have permission from the owner to hack a system. Penetration testing is the process of hacking a system with the permission of the owner of that system, to evaluate its security, hack value, Target of Evaluation (TOE), attacks, exploits, zero-day vulnerabilities and other components such as threats, vulnerabilities, and daisy chaining.
Importance of Penetration Testing
If you want to be ready for an attack, you must be smart enough to think like attackers and act like them. Hackers are skilled and have detailed knowledge of hardware, software, networking and other related areas. In the modern world, where various advanced threats such as denial of service, identity theft, theft of services and stealing of information are common, penetration testing is needed because it ensures that attacks from malicious threats can be countered by anticipating their methods. Some other major advantages of and needs for penetration testing are to uncover vulnerabilities in systems and security deployments in the same way an attacker would gain access:
• To identify the threats and vulnerabilities to the organization's assets
• To provide a comprehensive assessment of policies, procedures, design, and architecture
• To set remediation actions to secure them before they are used by a hacker to breach security
• To identify what an attacker can access and steal
• To identify what information can be stolen and how it could be used
• To test and validate the security protection and identify the need for any additional protection layer
• Modification and upgrading of the currently deployed security architecture
• To reduce the expense of IT security by enhancing Return on Security Investment (ROSI)

Types of Penetration Testing
Three types of penetration testing are important to differentiate, because a penetration tester may be asked to perform any of them.

Black Box
Black box is a type of penetration testing in which the pentester performs blind or double-blind testing, i.e. is provided with no prior knowledge of the system or any information about the target. Black box testing is designed to emulate the situation of an external attacker, for the purpose of countering such an attack.
Gray Box
Gray box is a type of penetration testing in which the pentester has very limited prior knowledge of the system or information about the targets, such as IP addresses, operating system or network information, in very limited form. Gray box testing is designed to emulate the situation of an insider who might have this information, and to counter such an attack, as the pentester has basic, limited information regarding the target.

White Box
White box is a type of penetration testing in which the pentester has complete knowledge of the system and information about the target. This type of penetration testing is done by internal security teams or security audit teams to perform auditing.

Phases of Penetration Testing
Penetration testing is a three-phase process:
1. Pre-Attack Phase
2. Attack Phase
3. Post-Attack Phase

Security Testing Methodology
There are several methodological approaches that can be adopted for security or penetration testing. Industry-leading penetration testing methodologies are:
• Open Web Application Security Project (OWASP)
• Open Source Security Testing Methodology Manual (OSSTMM)
• Information Systems Security Assessment Framework (ISSAF)
• EC-Council Licensed Penetration Tester (LPT) Methodology

Mind Map

Information Security Laws and Standards

Payment Card Industry Data Security Standard (PCI-DSS)
The Payment Card Industry Data Security Standard (PCI-DSS) is a global information security standard by the PCI Security Standards Council, available to organizations for developing, enhancing and assessing security standards for handling cardholder information, and a security standard for payment account security. The founding members of this council are:
• American Express
• Discover Financial Services
• JCB International
• MasterCard
• Visa Inc.
The PCI data security standard basically deals with cardholder data security for debit, credit, prepaid, e-purse, ATM and POS cards. A high-level overview of PCI-DSS provides:
• Secure network
• Strong access control
• Cardholder data security
• Regular monitoring and evaluation of the network
• Maintaining a vulnerability program
• Information security policy

ISO/IEC
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) are organizations that develop and maintain their standards globally. ISO/IEC 27001:2013 is a revised (second) edition of the first edition, ISO/IEC 27001:2005. ISO/IEC 27001:2013 covers the following key points in information security:
• Implementation and maintenance of security requirements
• Information security management processes
• Assurance of cost-effective risk management
• Status of information security management activities
• Compliance with laws

Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996. HIPAA works with the Department of Health and Human Services (HHS) to develop and maintain regulations concerning the privacy and security of health information. The HIPAA Security Rule defines what information is protected and, additionally, the safeguards that must be applied to secure electronic protected health information. The major domains in information security where HIPAA develops and maintains standards and regulations are:
• Electronic Transaction and Code Sets Standards
• Privacy Rules
• Security Rules
• National Identifier Requirements
• Enforcement Rules

Sarbanes-Oxley Act (SOX)
The key requirements or provisions of the Sarbanes-Oxley Act (SOX) are organized in the form of 11 titles, which are as follows:

Title | Majors
Title I | Public Company Accounting Oversight Board
Title II | Auditor independence
Title III | Corporate responsibility
Title IV | Enhanced financial disclosures
Title V | Analyst conflicts of interest
Title VI | Commission resources and authority
Title VII | Studies and reports
Title VIII | Corporate and criminal fraud accountability
Title IX | White-collar crime penalty enhancements
Title X | Corporate tax returns
Title XI | Corporate fraud and accountability

Some other regulatory bodies offer standards that are deployed worldwide, including the Digital Millennium Copyright Act (DMCA) and the Federal Information Security Management Act (FISMA). The DMCA is a United States copyright law, whereas FISMA is a framework for ensuring the effectiveness of information security controls. According to Homeland Security, FISMA 2014 codifies the Department of Homeland Security's role in administering the implementation of information security policies for federal Executive Branch civilian agencies, overseeing agencies' compliance with those policies, and assisting OMB in developing those policies. The legislation provides the Department with authority to develop and oversee the implementation of binding operational directives to other agencies, in coordination with and consistent with OMB policies and practices. The Federal Information Security Modernization Act of 2014 amends the Federal Information Security Management Act of 2002 (FISMA).

Mind Map