Blaž Berčič (2013) Penetration testing of information systems. EngD thesis.
Abstract
In recent years, the expansion of the internet has also brought an increase in computer crime. The attackers' targets are mostly information systems. Companies and individuals whose work and earnings depend on the smooth functioning of the IT infrastructure are becoming increasingly aware of the problem. To protect these systems, it is necessary to find and eliminate their vulnerabilities before malicious attackers find and exploit them to obtain unauthorized access. The process that enables us to achieve this is called penetration testing. The aim of this thesis is to define the penetration test, describe the tools used during the test, and finally use them to demonstrate an intrusion into an information system. In the theoretical part, vulnerability assessment is presented as a part of the penetration test. In this case the penetration tester is considered to be a white-hat hacker. The next part describes the types and phases of a penetration test and presents some tools that enable us to accomplish the task: Nmap, Nessus, OpenVAS and Metasploit. After the theoretical part, these tools are used to demonstrate an attempt to break into an online store. The vulnerability scanners are used to obtain information about potential vulnerabilities, and exploitation is then achieved by using an appropriate exploit.