What is penetration testing? Penetration testing, often called “pentesting”, “pen testing”, or “security testing”, is the practice of attacking your own or your clients’ IT systems in the same way a hacker would, in order to identify security holes. Of course, you do this without actually harming the network. The person carrying out a penetration test is called a penetration tester or pentester.
Let’s make one thing crystal clear: Penetration testing requires that you get permission from the person who owns the system. Otherwise, you would be hacking the system, which is illegal in most countries – and trust me, you don’t look good in an orange jumpsuit.
In other words: The difference between penetration testing and hacking is whether you have the system owner’s permission. If you want to do a penetration test on someone else’s system, we highly recommend that you get written permission. In this case, asking first is definitely better than apologizing later!
You can become a penetration tester at home by testing your own server and later make a career out of it. At Rapid7, we have a team of professionals that pentest government and enterprise IT systems for a living. And let me tell you, they enjoy their job!
What is a vulnerability?
A vulnerability is a security hole in a piece of software, hardware or operating system that provides a potential angle to attack the system. A vulnerability can be as simple as weak passwords or as complex as buffer overflows or SQL injection vulnerabilities.
To test if you have any vulnerabilities in your systems, you typically use a vulnerability management solution, also known as a vulnerability scanner or vulnerability assessment solution. If you would like to get your hands on a free vulnerability scanner, try NeXpose Community Edition, one of Metasploit’s sister projects.
What is security research?
Vulnerabilities are typically found by security researchers, which is a posh term for smart people who like to find flaws in systems and break them. At Rapid7, we have a team of vulnerability researchers that do nothing else all day. Trust us, this can be a lot of fun.
Like penetration testing, security research can be used for good and evil. Some countries don’t make the distinction and outlaw security research completely, so make sure you check your country’s legislation before you start researching and especially before you publish any research.
What is an exploit?
To take advantage of a vulnerability, you often need an exploit, a small and highly specialized computer program whose only reason for being is to take advantage of a specific vulnerability and to provide access to a computer system. Exploits often deliver a payload to the target system to grant the attacker access to the system.
The Metasploit Project hosts the world’s largest public database of quality-assured exploits.
Even the name Metasploit comes from the term “exploit”. Metasploit was the first software to provide a common framework for a large selection of exploits. Think of it as an abstraction layer (“Meta”) for exploits (abbreviated “sploits”). Get it?
What is a payload?
A payload is the piece of software that lets you control a computer system after it’s been exploited. The payload is typically attached to and delivered by the exploit. Just imagine an exploit that carries the payload in its backpack when it breaks into the system and then leaves the backpack there. Yes, it’s a corny description, but you get the picture.
Metasploit’s most popular payload is called Meterpreter, which enables you to do all sorts of funky stuff on the target system. For example, you can upload and download files from the system, take screenshots, and collect password hashes. You can even take over the screen, mouse, and keyboard to fully control the computer. If you’re feeling particularly bad-ass, you can even turn on a laptop’s webcam and be a fly on the wall.