Term:Penetration Testing

From FISMApedia
Revision as of 00:59, 27 October 2009 by DanPhilpott (talk) (1 revision)

CNSSI 4009

Penetration Testing - Security testing in which evaluators attempt to circumvent the security features of a system based on their understanding of the system design and implementation.

DoDI 8560.01

Penetration Testing - Security testing in which evaluators attempt to circumvent the security features of a system based on their understanding of the system design and implementation. E2.11.

GAO-09-232G

Penetration Testing - Security testing in which evaluators attempt to circumvent the security features of a system based on their understanding of the system design and implementation.

NIST IR 7328 Draft

Penetration Testing - A test methodology in which assessors, using all available documentation (e.g., system design, source code, manuals) and working under specific constraints, attempt to circumvent the security features of an information system.

NIST SP 800-115

Penetration Testing - Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability.

NIST SP 800-53A

Penetration Testing - A test methodology in which assessors, using all available documentation (e.g., system design, source code, manuals) and working under specific constraints, attempt to circumvent the security features of an information system.

NIST SP 800-53r3

Penetration Testing - A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.

NIST SP 800-95

Penetration Testing - A method of testing where testers target individual binary components or the application as a whole to determine whether intra- or intercomponent vulnerabilities can be exploited to compromise the application, its data, or its environment resources. (Department of Homeland Security, Security in the Software Lifecycle: Making Software Development Processes - and Software Produced by Them - More Secure, Version 1.0, https://buildsecurityin.us-cert.gov)