Chapter 26. Validating Your Security


  • Understanding the importance of validating and testing the security of an organization

  • Understanding the difference between a security assessment and a penetration test

  • Identifying the tools and techniques used to test the security of a network

  • Determining the method attackers use to break into a system

Systems are complex and there's a good chance that any computer connected to a network has vulnerabilities that could potentially be broken into. Because any system connected to a network will most likely be scanned by an attacker, its potential for compromise is high. You have to stay one step ahead of the attacker. Therefore, it's critical that organizations perform penetration testing of their networks to better identify and proactively fix vulnerabilities.

In this chapter we'll learn about the various types of tests that can be performed and how they can be used to increase the overall security of a network. We'll also learn how attackers break into systems and use this knowledge to build more effective testing techniques.


Everyone has used or heard the buzzwords "penetration test" or "security assessment." Some even view the terms as synonymous. This section is going to identify the differences in the two types of tests and how they can be used to complement each other for the overall security of your network.

Penetration test

At the most basic level, a penetration test ("pen test"), red team exercise, and ethical hacking are ...

Get Network Security Bible, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.