FUNDAMENTALS OF COMPUTER

Detailed explanation-1: -Penetration testing is the exploitation of vulnerabilities present in an organization’s network. It helps determine which vulnerabilities are exploitable and the degree of information exposure or network control that the organization could expect an attacker to achieve after successfully exploiting vulnerability.

Detailed explanation-2: -Open ports, weak user credentials, unsafe user privileges and unpatched applications are types of vulnerabilities that a hacker could use to compromise your systems. Unsecure network configurations are usually relatively easy to remedy (as long as you are aware that they are unsecure).

Detailed explanation-3: -The third penetration testing phase is vulnerability assessment, in which the tester uses all the data gathered in the reconnaissance and scanning phases to identify potential vulnerabilities and determine whether they can be exploited.

Detailed explanation-4: -Part 1 of the report covers the most common administrative security vulnerabilities: unpatched internal systems, legacy systems, use of default credentials, inappropriate privileges, phishing, weak password policy, unlocked workstations and poor physical security.

Detailed explanation-5: -In the third phase, exploitation, the penetration testers try to actively exploit security weaknesses. Exploits are developed to, for example, gather sensitive information or to enable the pentesters to compromise a system and manifest themselves on it.