Week 5: Continuing Research
Hello, everyone! This week, I continued my research on past studies about IT security testing. However, while doing so, I came across some useful resources.
One of these resources was the National Vulnerability Database. The NVD was created by NIST (National Institute of Standards and Technology) and is basically a repository of various vulnerability management standards that need to be met by all corporations. It contains a list of all vulnerabilities that have been reported in computer systems, adding new vulnerabilities as they are found. I have found the NVD to be the most useful resource available to me, as going through it has helped me learn what I should expect to see when conducting a pentest and how I determine which vulnerabilities are which.
Another useful resource that I came across was the SEC website. I learned that it can be used by a pentester to look up information on a company that hired them. One thing that pentesters must do is discuss with the corporation that hired them the boundaries that need to be set. Corporations need to tell them which networks are allowed to be tested and which are not. If pentesters fail to follow the rules, they will get in trouble. This is one major limitation of pentesting, as not all necessary information is provided to successfully conduct tests. With the SEC website, though, pentesters can look up what they’re allowed to know about corporations.
These resources have given me insight into what I will be looking for when conducting pentests, as well as the limitations of my project.