1
00:00:00,500 --> 00:00:04,340
‫So first things first, what is the penetration test?

2
00:00:05,480 --> 00:00:10,970
‫To answer this question, I would like to show you three definitions from three different resources,

3
00:00:11,750 --> 00:00:12,860
‫talk about reconnaissance.

4
00:00:14,300 --> 00:00:16,160
‫The first one is from Wikipedia.

5
00:00:17,050 --> 00:00:26,350
‫The definition of penetration test in Wikipedia is as follows, and I quote, an attack on a computer

6
00:00:26,350 --> 00:00:34,720
‫system with the intention of finding security weaknesses, potentially gaining access to it, its functionality

7
00:00:35,110 --> 00:00:36,820
‫and data, end quote.

8
00:00:37,630 --> 00:00:43,990
‫Now, I want you to pay attention to the words with the attention of finding security weaknesses.

9
00:00:44,470 --> 00:00:44,790
‫Mm hmm.

10
00:00:45,980 --> 00:00:55,820
‫Second definition is from the CISSP preparation guidebook, and I quote, A pen test can determine how

11
00:00:55,820 --> 00:01:03,050
‫a system reacts to an attack, whether or not a system of defenses can be breached and what information

12
00:01:03,050 --> 00:01:04,900
‫can be acquired from the system.

13
00:01:06,530 --> 00:01:12,460
‫Now, the words that I want to emphasize here are how a system reacts to an attack.

14
00:01:13,680 --> 00:01:19,290
‫And the last definition is from another book, it's called Penetration Testing, Protecting Networks

15
00:01:19,290 --> 00:01:20,280
‫and Systems.

16
00:01:20,910 --> 00:01:28,080
‫And I quote, Ben, testing is the simulation of an attack on a system network piece of equipment or

17
00:01:28,080 --> 00:01:35,940
‫other facility with the objective of proving how vulnerable that system or target would be to a real

18
00:01:35,940 --> 00:01:37,370
‫attack, end quote.

19
00:01:38,630 --> 00:01:42,830
‫We want you to notice the words here, this simulation of an attack.

20
00:01:44,250 --> 00:01:51,690
‫So my take on this, since you're asking, is basically bringing a few of these selected parts of the

21
00:01:51,690 --> 00:02:01,320
‫previous definitions together, so my definition penetration test or pen test is the attack simulation

22
00:02:01,320 --> 00:02:10,770
‫on IT systems with the intention of finding security weaknesses to determine how systems react to these

23
00:02:10,770 --> 00:02:11,500
‫weaknesses.

24
00:02:11,910 --> 00:02:12,690
‫See what I mean?