Capella University
Abstract
Flaws and weaknesses that could become avenues for vulnerabilities are the outputs of pen testing. In this paper I will establish the relationship between the security control plans used in an international organization's information security governance and network system defense, and the way pen testing is used to aid risk assessment, business continuity, and compliance.
This paper reviews the mitigation plans that minimize the weaknesses and flaws found in pen testing. It further examines the duties of internal and external pen testing within an organization, and discusses the idea of the flaw hypothesis as an avenue for finding vulnerabilities in a specific target by the pen tester (Capella, 2019, pp. 23-24).
Table of Contents
Cover Page
Abstract
Table of Contents
Introduction / Body
Conclusion
References
PENETRATION TEST PARTNER SELECTION AND RISK MITIGATION 4
Introduction
procedures and network management security control methodologies for managing weaknesses and flaws in system devices, applications and operating systems. The review of the vulnerability administration plans follows from the organization's risk assessment and management, in which the pen tester seeks and finds weaknesses in specific targets through identification and assessment. It also draws on the organization's continuous network system management procedures: awareness and employee training; continuous network system monitoring and auditing; business continuity and data recovery; documentation of organizational upgrades; setting priorities for patch management and upgrades of information security applications, operating systems and devices; and continuous risk management against any existing application, OS, device and human-factor vulnerabilities that were not addressed, with updates and upgrades applied as soon as possible when prompted. Jason (2017) states that the implementation of antimalware and antivirus application reports and alerts which are generated
This yields the mitigation plans that can be implemented to minimize any dangers from the flaws and weaknesses found in pen testing, such as a pen testing policy structure that covers the whole corporate information system enterprise-wide, including pen testing procedures and processes, external/internal pen testing selection criteria, and the framework for pen testing management. Butler (2014) examined how, with the full support of management and the international organization's technical team, the scope of work for pen testing can be defined together with a quality change management procedure and better performance metrics for the outcomes of pen testing.
Before vulnerabilities can be mitigated through pen testing, the specific target areas of the international organization on which the testing is carried out must be identified: critical business processes; web applications and operating systems; parts of the organization's network system infrastructure; outsourced third-party IT services such as cloud services; critical specialized equipment; and systems in the network system development life cycle, whether or not they are still under development.
Before the mitigation plan for vulnerabilities, there is a procedure for defining the pen testing needs. These should be defined by specifying the scope of work that is and is not needed; which part of the pen test will be continuous pen testing and at what times it will be carried out; and what the testing will affect, such as the international organization's systems and operating systems. What is pen tested should always be validated in the testing process as a legal process, and must not compromise the organization's existing data security needs, while active testing consists of carrying out processes ahead of time: sticking to the well-defined scope of pen testing work and to the predefined ways of escalating pen testing processes. It also means ensuring that the pen testing team members have full knowledge of the testing needs and of any unforeseen organizational hindrances, while complying with and following any escalation processes (Jason, 2017, pp. 19-22).
In complying with the pen testing agreement, team members are held responsible for keeping the organization's risk within an acceptable boundary: never leaving risk issues unattended, constantly dealing with any dangers as they arise, keeping the testing within what was agreed upon, and dealing with any escalated issues as soon as possible.
In internal and external pen testing, the tester simulates an insider attack or a remote attack on the organization's network system to find any weaknesses and flaws, whether in parts of the system that are accessible from the public network or in parts that are not. Jason (2017) states that the tester combines automated testing against many known flaws and weaknesses with a manual process that explores vulnerability holes in the organization's network system more deeply. Through external pen testing, the tester is able to validate the testing outcomes against the security resources the organization needs for mitigating any security control gaps that affect the IT infrastructure's risk level. From the penetration testing reports the organization is able to implement
The idea of the flaw hypothesis is an avenue for finding areas of vulnerability in a specific target system. It applies where a trusted system is required to perform as its network system specification outlines; the main goal of the flaw hypothesis is to find these system flaws and weaknesses, and a demonstrated exploitation is not required. Clark (1996) describes the flaw hypothesis method in stages. Flaw generation produces hypothesized flaws from evaluation of the testing results as they progress, by validating the flaws against an understanding of the target system. Flaw confirmation evaluates the documentation, evidence and code for each identified flaw; the process is prioritized through an inventory of the flaws sorted by likelihood of existence, followed by desk checking of the flaws and finally live testing of them. Flaw generalization is where the team meets to confirm the existence of the system flaws, and flaw elimination is where each flaw is either repaired or patched to improve the countermeasures against it in the system (Clark, 1996, pp. 18-22).
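The stages described above (generation, confirmation with an inventory sorted by likelihood, desk checking, live testing, generalization, elimination) are a workflow that a test manager has to track for every hypothesized flaw. The following Python workbook is an added example, not code from this paper or from Clark (1996): it keeps an inventory of hypothesized flaws ordered by likelihood and impact, enforces the stage order so that no flaw can be marked eliminated before it was confirmed, and requires evidence to be attached at the confirmation and elimination stages. The stage names follow the text; the likelihood/impact scale, the class and function names, and the three sample flaws are constructed for this example.

```python
from dataclasses import dataclass, field
from enum import Enum


class Stage(Enum):
    """Stages of the flaw hypothesis method, in the order a flaw moves through them."""
    HYPOTHESIZED = "hypothesized"   # flaw generation: hypothesis recorded, nothing examined yet
    DESK_CHECKED = "desk_checked"   # confirmation, step 1: checked against documentation and code
    LIVE_TESTED = "live_tested"     # confirmation, step 2: exercised on the target system
    CONFIRMED = "confirmed"         # evidence recorded, the flaw is real
    REJECTED = "rejected"           # the hypothesis did not hold up
    GENERALIZED = "generalized"     # team agreed the flaw is a pattern that may recur elsewhere
    ELIMINATED = "eliminated"       # repaired or patched, countermeasure verified


# Legal transitions. Anything not listed is an error, so a flaw cannot be
# marked eliminated (or generalized) before it was ever confirmed.
ALLOWED_TRANSITIONS = {
    Stage.HYPOTHESIZED: {Stage.DESK_CHECKED, Stage.REJECTED},
    Stage.DESK_CHECKED: {Stage.LIVE_TESTED, Stage.REJECTED},
    Stage.LIVE_TESTED: {Stage.CONFIRMED, Stage.REJECTED},
    Stage.CONFIRMED: {Stage.GENERALIZED, Stage.ELIMINATED},
    Stage.GENERALIZED: {Stage.ELIMINATED},
    Stage.REJECTED: set(),
    Stage.ELIMINATED: set(),
}

# Stages that may only be entered with evidence attached (a document
# reference, a test log, a change ticket).
EVIDENCE_REQUIRED = {Stage.CONFIRMED, Stage.ELIMINATED}


@dataclass
class Flaw:
    ident: str
    description: str
    likelihood: float   # estimated probability (0..1) that the hypothesized flaw exists
    impact: int         # consequence if it does (1 = low .. 5 = severe); constructed scale
    stage: Stage = Stage.HYPOTHESIZED
    evidence: list = field(default_factory=list)

    def priority(self) -> float:
        """Ordering key for the inventory: likely and severe flaws are examined first."""
        return self.likelihood * self.impact


class FlawInventory:
    """Inventory of hypothesized flaws, sorted by likelihood of existence and impact."""

    def __init__(self):
        self._flaws = {}

    def add(self, flaw: Flaw) -> None:
        if flaw.ident in self._flaws:
            raise ValueError(f"duplicate flaw id {flaw.ident}")
        if not 0.0 <= flaw.likelihood <= 1.0 or not 1 <= flaw.impact <= 5:
            raise ValueError("likelihood must be 0..1 and impact 1..5")
        self._flaws[flaw.ident] = flaw

    def advance(self, ident: str, new_stage: Stage, evidence: str = "") -> Flaw:
        """Move a flaw to a new stage, enforcing the stage order and the evidence rule."""
        flaw = self._flaws[ident]
        if new_stage not in ALLOWED_TRANSITIONS[flaw.stage]:
            raise ValueError(f"{ident}: cannot go from {flaw.stage.value} to {new_stage.value}")
        if new_stage in EVIDENCE_REQUIRED and not evidence:
            raise ValueError(f"{ident}: entering {new_stage.value} requires evidence")
        if evidence:
            flaw.evidence.append(evidence)
        flaw.stage = new_stage
        return flaw

    def work_queue(self) -> list:
        """Ids of open flaws, highest priority first; eliminated and rejected ones are left out."""
        open_flaws = [f for f in self._flaws.values()
                      if f.stage not in (Stage.ELIMINATED, Stage.REJECTED)]
        return [f.ident for f in sorted(open_flaws, key=lambda f: f.priority(), reverse=True)]

    def summary(self) -> dict:
        """Number of flaws in each stage, the figure a test manager reports on."""
        counts = {}
        for f in self._flaws.values():
            counts[f.stage.value] = counts.get(f.stage.value, 0) + 1
        return counts


def build_sample_inventory() -> FlawInventory:
    """Constructed sample hypotheses for this example; they describe no real system."""
    inv = FlawInventory()
    inv.add(Flaw("H-1", "password policy not enforced on service accounts", 0.7, 4))
    inv.add(Flaw("H-2", "backup share readable by all domain users", 0.4, 5))
    inv.add(Flaw("H-3", "stale firewall rule for a retired management port", 0.9, 2))
    return inv


if __name__ == "__main__":
    inv = build_sample_inventory()
    print("work queue:", inv.work_queue())
    inv.advance("H-1", Stage.DESK_CHECKED, "policy document review, section 4")
    inv.advance("H-1", Stage.LIVE_TESTED, "test log, constructed")
    inv.advance("H-1", Stage.CONFIRMED, "screenshot of the policy object")
    inv.advance("H-1", Stage.ELIMINATED, "change ticket CHG-EXAMPLE")
    print("summary:", inv.summary())
```

The work queue is what the desk-checking and live-testing effort is spent on first, so the ordering key matters: the text prescribes sorting by likelihood of existence, and weighting by impact is an added assumption that keeps a likely but harmless flaw from crowding out an unlikely but severe one.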
References
Capella University. (2019). Course room, unit 9: Penetration test partner selection, and risk. https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_162482_1&content_id=_7268977_1&mode=reset
Jason Cressey. (2017). A guide for running an effective Penetration Testing programme. CREST. Penetration-Testing-Guide.pdf
OWASP. (2004). OWASP Web Application Penetration Checklist Version 1.1. Retrieved 03/14/2019, from https://mboulou.files.wordpress.com/2009/08/owaspwebapppentestlist1-1.pdf
https://www.sans.org/reading-room/whitepapers/application/win-friends-remediate-vulnerabilities-34530
Clark, W. (1996). Security Penetration Testing Guideline. Handbook for the Computer Security. https://apps.dtic.mil/dtic/tr/fulltext/u2/a390673.pdf