9 Testing your systems

This chapter covers

  • Differentiating and choosing between the different types of penetration tests
  • Learning how bug bounty programs work and when to use one
  • Learning why a physical penetration test is important
  • Differentiating between red and blue teams to learn how they support our organization’s security

We can’t measure or manage risk unless we know about the vulnerabilities in our own software and systems. To do this, we need accurate, timely, and actionable data on vulnerabilities, which means a lot of testing. In the first part of the book, we learned how attackers will exploit some common physical and virtual vulnerabilities. Now let’s learn about the different ways we can find these vulnerabilities ourselves, before the attackers have a chance to exploit them.

9.1 How are vulnerabilities discovered?

We can’t rely on other people to tell us about our vulnerabilities; otherwise, our first knowledge of them is likely to be when they’re exploited by an attacker. In that case, we find out at one of those panicky executive meetings where the fateful words “I think we’ve been hacked” are uttered.

9.1.1 An attacker has exploited a vulnerability

9.1.2 A stranger has found what they think is a vulnerability

9.1.3 A vendor has released a security advisory

9.2 Vulnerability management

9.2.1 Vulnerability life cycle management

9.2.2 Vulnerability scanning workflow

9.3 Break your own stuff: Penetration testing

9.3.1 Defining the scope

9.3.2 Carrying out the test

9.3.3 The report

9.4 Getting expert help: Bug bounties

9.5 Breaking in: Physical penetration testing

9.5.1 Why is physical penetration testing not carried out?

9.5.2 Why does physical penetration testing matter?