Showing posts with label Information security.

Monday, 8 December 2014

Penetration Testing vs Vulnerability Testing - Know the Difference

It has become a very common situation: every time you turn around there is another high-profile data breach in the news, and most of the time it involves a compromise of cardholder data. Targeted breaches of this kind have been increasing rapidly worldwide.

The first question to ask is whether the retailer is compliant with the Payment Card Industry Data Security Standard (PCI DSS). A retailer that is not compliant is liable for fines and can even be barred from accepting cards.


Now, let's focus on information security. Not only your information but all of your virtual components need to be secure, and the way to verify that is to put them through vulnerability testing and penetration testing.


There is often confusion about the difference between penetration testing and vulnerability testing. The confusion arises because the two kinds of test look similar: both are used to identify weaknesses in your network and applications.

A vulnerability test identifies weaknesses that an attacker might be able to exploit, following standard methodologies (in practice, automated scanners that check versions, configurations and known signatures). A penetration test finds weaknesses by having a "white hat" or "ethical hacker" actually exploit them and penetrate the target application or network, which also separates real, exploitable flaws from a scanner's false positives. Pentesting must be customized to the target and is therefore more expensive than vulnerability scanning.
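To make the distinction concrete, here is an added example written for this page (it is not the post's code and not a Triad Square Infosec tool): a toy vulnerability scanner that does exactly what an automated, standard-methodology scan does, namely parse service banners, compare the version against a baseline and rank the gap, plus the "rescan until no high-risk findings remain" rule the post describes. The hosts, banners and baseline versions are constructed and hypothetical, not taken from any real advisory; the point is what the scanner can and cannot tell you.

```python
"""Toy vulnerability scan vs. what a pentest adds (added example, not the post's code).

An automated scanner works from standard methodology: grab a banner, parse
the version, compare against a baseline, rank the gap. It never proves the
flaw is exploitable. Hosts, banners and baseline below are constructed and
the thresholds are hypothetical, not taken from any real advisory.
"""
import re
from dataclasses import dataclass

# Constructed inventory: the kind of data banner grabbing would return.
BANNERS = {
    "10.0.0.5": {22: "SSH-2.0-OpenSSH_5.3", 80: "Apache/2.2.15 (CentOS)"},
    "10.0.0.6": {22: "SSH-2.0-OpenSSH_7.9", 443: "nginx/1.14.0"},
    "10.0.0.7": {21: "220 ProFTPD 1.3.3 Server ready", 8080: "Jetty(9.4.12)"},
}

# Hypothetical baseline: product -> (minimum acceptable version, severity when older).
BASELINE = {
    "OpenSSH": ("7.4", "high"),
    "Apache": ("2.4.0", "high"),
    "nginx": ("1.14.0", "medium"),
    "ProFTPD": ("1.3.5", "high"),
}

BANNER_RE = re.compile(r"(OpenSSH|Apache|nginx|ProFTPD)[_/ ](\d+(?:\.\d+)+)")


@dataclass
class Finding:
    host: str
    port: int
    product: str
    version: str
    severity: str
    verified: bool = False  # a scanner never sets this; a pentester does


def parse_version(text):
    """'2.2.15' -> (2, 2, 15) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def scan(banners, baseline):
    """Standard-methodology scan: flag every service older than its baseline."""
    findings = []
    for host, services in banners.items():
        for port, banner in services.items():
            match = BANNER_RE.search(banner)
            if match is None:
                continue  # unknown product (Jetty here): the scanner stays silent
            product, version = match.groups()
            minimum, severity = baseline[product]
            if parse_version(version) < parse_version(minimum):
                # "Apache/2.2.15 (CentOS)" may carry backported fixes; the scanner
                # cannot tell from the banner, only an exploitation attempt can.
                findings.append(Finding(host, port, product, version, severity))
    return findings


def needs_rescan(findings):
    """The post's rule for scans: keep rescanning until no high-risk findings remain."""
    return any(f.severity == "high" for f in findings)


def summary(findings):
    """Count findings per severity for the report."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan(BANNERS, BASELINE)
    for f in results:
        print(f"{f.host}:{f.port} {f.product} {f.version} [{f.severity}] verified={f.verified}")
    print("summary:", summary(results), "rescan needed:", needs_rescan(results))
```

Every finding comes back with verified=False: the scan can say "this version is older than the baseline", but whether the CentOS Apache build is actually exploitable, and what an attacker could reach from it, is precisely the question only the customized, hands-on penetration test answers. The silent Jetty service shows the other limitation: a scanner only reports what its standard methodology knows how to recognise.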


Triad Square Infosec performs expert vulnerability testing together with penetration testing as a combined VAPT service for organizations globally.


For a clear understanding of the differences between vulnerability testing and penetration testing, see the side-by-side comparison below.


Item: PCI DSS requirement
  Vulnerability testing: Requirement 11.2
  Penetration testing: Requirement 11.3

Item: Goal
  Vulnerability testing: Identify weaknesses that could be exploited by internal or external attackers.
  Penetration testing: Determine whether unauthorized external access to key systems and files can actually be achieved.

Item: Required resolution
  Vulnerability testing: Rescan as needed until all "high-risk" vulnerabilities are fixed.
  Penetration testing: Retest as needed until no exploitable access points remain.

Item: Who performs it?
  Vulnerability testing: Internal scans: a qualified internal resource or a qualified third party. External scans: an Approved Scanning Vendor (ASV) approved by the PCI SSC.
  Penetration testing: A qualified internal resource or a qualified third party.

Item: Automation
  Vulnerability testing: Can be fully automated, because it follows standard methodologies.
  Penetration testing: Cannot be fully automated, because it must be customized to the target environment and requirements.

Item: Documentation requirements
  Vulnerability testing: Documented scope and a documented risk-ranking process.
  Penetration testing: Results should be retained.

Item: Scope
  Vulnerability testing: Limited to analysis (identification) only.
  Penetration testing: Tests may be performed against external and internal environments and include actual exploitation.

Item: Frequency
  Vulnerability testing: Quarterly and after any significant change in the infrastructure.
  Penetration testing: Internal and external tests annually and after significant infrastructure or application upgrades.

Item: Components
  Vulnerability testing: Servers, routers, switches, workstations, databases, virtual machines and web applications.
  Penetration testing: Social engineering, exploitation of exposed vulnerabilities, access controls on key systems and files, web-facing applications, custom applications and wireless connections.

Item: Methodology
  Vulnerability testing: Must conform to standard practices.
  Penetration testing: Must be customized to the target systems and environment.

Thursday, 18 September 2014

Beware of Identity theft... Protect yourself....

Identity theft is a form of stealing in which someone assumes another person's identity in order to gain access to resources or obtain credit and other benefits in that person's name. The victim (the person whose identity has been assumed) can suffer serious consequences if held responsible for the perpetrator's actions. Identity theft occurs when someone uses another person's personally identifying information, such as their name, identification number or credit card number, without permission to commit fraud or other crimes.


Some common ways identity thieves access your information include:
  • A stolen wallet or credit cards
  • Documents or receipts in the trash
  • Phone or email scams
  • Hacking unsecured computers and wireless networks

Consider these tips to help keep your personal information safe and secure and protect you from identity theft:
  • Create strong passwords and update them when needed: avoid easily guessed passwords such as "password" or "123456". Choose a long password that mixes upper-case letters, special characters and numbers (a long passphrase works well), and use a different one for every account. Change a password immediately if you suspect it has been exposed. Never enter your password on a form-filling site.

  • Be aware of what you share: social networks such as Facebook, Google+, Twitter and LinkedIn are more popular than ever. Do not post personal information such as your phone number, contact details, address, PAN card number or credit card number on them; thieves can misuse it.

  • Keep sensitive personal and financial documents secure: most people store personal and financial information on their computer. Make sure your computer has good antivirus software and a firewall, keep your browser updated, and secure your wireless network.

  • Protect your mobile device: if you use a smartphone, make sure the apps you download come from a reputable company. Be especially careful with banking and financial-tracker apps: read the reviews and check who the publisher is before installing.

  • Don't fall for phishing scams: emails claiming to come from your bank and asking you to click a link and fill in personal information are phishing. Don't click such links. Trustworthy companies never ask for your information without having you sign in to your account over a secure connection; type the bank's address into your browser yourself instead of following the link.

Note: if you suspect your identity has been stolen, change your passwords immediately and file a complaint.
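The two tips that can be checked mechanically are the password advice and the phishing-link advice. The following is an added example written for this page (not the post's code): one function that rejects weak passwords using a blocklist, a length floor and a character-mix check, and one that inspects where a link really goes before anyone clicks it. The small blocklist and the sample links are constructed for the example; a real deployment would use a full breached-password list, and the domain example-bank.com is a placeholder.

```python
"""Two checks behind the identity-theft tips (added example, not the post's code).

password_problems() applies a blocklist, a length floor and a character-mix
check; link_problems() inspects where a link really goes, which is the check
to make instead of clicking an email's link. The blocklist and the sample
links are constructed for the example; example-bank.com is a placeholder.
"""
import re
from urllib.parse import urlparse

# Constructed, deliberately tiny blocklist of common passwords.
COMMON_PASSWORDS = {
    "password", "password1", "123456", "12345678", "qwerty",
    "letmein", "welcome", "admin", "iloveyou", "abc123",
}
SEQUENCE_RE = re.compile(r"0123|1234|2345|3456|4567|5678|6789|abcd|qwer|asdf")
CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]")


def password_problems(password):
    """Return the reasons a password is weak; an empty list means it passed."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("in common-password blocklist")
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = sum(bool(re.search(p, password)) for p in CLASS_PATTERNS)
    if classes < 3:
        problems.append("fewer than 3 character classes")
    if SEQUENCE_RE.search(password.lower()):
        problems.append("contains a keyboard or numeric sequence")
    return problems


# Something that looks like a hostname inside the visible link text.
HOST_IN_TEXT = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def link_problems(display_text, href, trusted_domain):
    """Return why a link is suspicious; an empty list means it goes where it claims."""
    problems = []
    url = urlparse(href)
    host = (url.hostname or "").lower()
    trusted = trusted_domain.lower()
    # "www.example-bank.com.verify-account.example" ends with ".example" and is
    # NOT under example-bank.com, even though the bank's name appears in it.
    if not (host == trusted or host.endswith("." + trusted)):
        problems.append(f"destination host {host!r} is not under {trusted}")
    if url.scheme != "https":
        problems.append("not an https link")
    shown = HOST_IN_TEXT.search(display_text)
    if shown and shown.group(0).lower() != host:
        problems.append(f"text shows {shown.group(0)} but link goes to {host}")
    return problems


if __name__ == "__main__":
    for pw in ("123456", "Password1!", "correct-horse-battery-STAPLE-42"):
        print(repr(pw), "->", password_problems(pw) or "ok")
    samples = [  # constructed (display text, real href)
        ("Sign in at www.example-bank.com", "https://www.example-bank.com/login"),
        ("www.example-bank.com", "http://www.example-bank.com.verify-account.example/login"),
        ("https://www.example-bank.com", "https://exarnple-bank.com/login"),
    ]
    for text, href in samples:
        print(href, "->", link_problems(text, href, "example-bank.com") or "ok")
```

The blocklist and the length floor carry the most weight in the password check: "Password1!" satisfies the upper-case, digit and special-character rule from the tip above and is still rejected for being short, while a long passphrase passes without any forced symbols. In the link check, the host is taken from the href rather than from the visible text, because the visible text is exactly what the phisher controls; the suffix comparison is what catches a look-alike such as www.example-bank.com.verify-account.example.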

Wednesday, 17 September 2014

10 Top Countries that Censor The INTERNET

These countries censor the public Internet so heavily that you will wonder how far state surveillance has developed around the world in recent years.

Information Security Surveillance - protection


The 10 countries that most strictly censor the Internet:


  1. North Korea
  2. Iran
  3. China
  4. Saudi Arabia
  5. Sudan
  6. Bahrain
  7. Syria
  8. Cuba
  9. Vietnam
  10. Turkmenistan


In most countries of the world, information security is given top priority. By safeguarding information security, countries protect their privacy and keep their confidential data protected.