{"id":15141,"date":"2024-05-11T07:30:20","date_gmt":"2024-05-11T00:30:20","guid":{"rendered":"https:\/\/fpt-is.com\/en\/?post_type=goc_nhin_so&p=15141"},"modified":"2024-05-16T09:34:04","modified_gmt":"2024-05-16T02:34:04","slug":"penetration-testing-vaccine-for-the-digital-economy","status":"publish","type":"goc_nhin_so","link":"https:\/\/fpt-is.com\/en\/insights\/penetration-testing-vaccine-for-the-digital-economy\/","title":{"rendered":"Penetration Testing \u2013 Vaccine for the digital economy"},"content":{"rendered":"

Penetration testing (Pentesting) is an important field in the cyber security industry and plays a crucial role in securing systems and data from increasingly sophisticated cyber attacks.<\/em><\/span><\/p>\n

The history of Penetration Testing (Pentesting)<\/strong><\/span><\/h2>\n

Few are aware that pentesting was originated from “phreaking” activities in the 1960s.<\/span><\/p>\n

In the 1960s, the blossoming of telecommunications and computing technology in the United States marked a new era and has forever changed the lives of people ever since. Methods of communication and information exchange between people (telephone, radio, etc.) and computing machines made great progress. All of these technologies were commercialized, making them accessible and usable to anyone.<\/span><\/p>\n

This was also the time when exploits began, and is considered the origin of what we now call \u201chacking\u201d. Hacking was started by a small group of telephone network users. After a period of use and observation, they discovered a number of vulnerabilities in the telephone network’s switching system, which allowed them to perform multiple actions such as: call spoofing, free calling, eavesdropping, information theft, etc. These acts were quickly spread and shared with many others (although they are illegal now, these acts were not prohibited at that time as no relevant laws were enacted yet). From there, people who shared the same passion and extensive knowledge of this exploitation gathered, formed a community and engaged in it enthusiastically. The term \u201cphreaking\u201d was created to define exploitation actions, and those who performed these actions call themselves \u201cphreakers\u201d.<\/span><\/p>\n

\"\u1ea2nh<\/span><\/p>\n

The photo depicts the Phreaking activity of a group of phreakers in 1971 taken by Bob Gudgel (Wired magazine)<\/em><\/span><\/p>\n

In the early 1970s, as Phreaking activities flourished, some phreaker groups developed specialized devices for automated exploitation and sold them to general users. This caused significant damage to telecommunications networks. The US Government and the US Department of Defense identified this as a criminal act. However, they also acknowledged potential risks related to national security and defense, as well as extensive effects in the near future. The US government and companies thus joined hands to establish and sponsor groups called “Tiger teams”. The mission of these groups was to research network\/computer systems to find and figure out ways to exploit vulnerabilities or risks, before they were discovered by any phreaker groups or anyone else. The term \u201cPenetration Testing\u201d was consequently created, and is nowadays referred to as \u201cpen-testing\u201d or \u201cpentest\u201d.<\/span><\/p>\n

Talking about pentesting without mentioning James P. Anderson would be a mistake. He is a computer scientist and security expert, who developed a comprehensive and refined process that enabled ‘tiger teams’ to operate more professionally and increase the effectiveness of pentesting activities. Today, this process is still considered a foundation model. Thanks to those great contributions, \u00b7 James P. Anderson \u00b7is widely known as the father of pentesting.<\/span><\/p>\n

From the beginning of phreaking, the field of pentesting in particular, and security in general, has grown to become an integral part of all organizations, from governments to enterprises, as humanity enters a new era of the digital economy.<\/span><\/p>\n

The application of pentesting has widely spread across various fields, from the military to commercial businesses. Pentesting techniques and tools are constantly evolving, helping to improve the efficiency and accuracy of system security assessment.<\/span><\/p>\n

The importance and benefits of Pentesting in the era of digital economy<\/strong><\/span><\/h2>\n

In the digital economy era, in which data becomes a valuable asset and cybercrime increases, pentesting becomes more crucial than ever. In particular, for important systems\/products that contain sensitive information, pentesting will usually be conducted continuously from the beginning until the end of the product\u2019s life cycle.<\/span><\/p>\n

\"M\u00f4<\/span><\/p>\n

Description of the penetration testing process (Source: Cobalt.io).<\/em><\/span><\/p>\n

Nowadays, pentesting plays an essential role in protecting businesses from cyber attacks, including:<\/span><\/p>\n