What needs to be done now? Vulnerability diagnosis and penetration testing: similar, but not the same

The damage caused by cyberattacks is rising as telework spreads during the coronavirus pandemic.

This is because telework widens the so-called attack surface: remote access and personal computers used at home and then brought in both give attackers more to target. Vulnerable components, the so-called “security holes”, then tend to remain.

If there is a security hole, an intruder can exploit it. As a safety measure, the person in charge of the business needs to identify and deal with such holes quickly through security diagnosis. Let’s see what security diagnosis methods are available and which method should be selected.

Difference between vulnerability diagnosis and pen test

Security diagnosis can be divided into two categories: “vulnerability diagnosis” and “penetration test (pen test)”. In general, vulnerability diagnosis means using a scanning tool or basic commands to check for vulnerabilities by examining the content of the responses and the behavior of the system.

The pen test, on the other hand, sets as its goal a condition in which a security problem occurs, approaches that goal by combining multiple techniques, and identifies vulnerabilities in the process.


Ryuta Nakagami, General Manager of the Department of Automated Pen Test Program, LAC Security Technical Services Branch, explained, “There are two categories, scan and pen test, in the United States, etc. In Asian countries, many of the services called pentests overseas are classified as vulnerability diagnosis. For this reason, there are vulnerability diagnoses whose names include the characters ‘pentest’.”

Between vulnerability diagnosis and pen testing, there is a difference in the kinds of vulnerabilities that can be found.

Vulnerability diagnosis primarily looks for known bugs in applications and similar software. It checks the versions and requirements of the programs that make up the framework and looks for bugs.
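The version check described above can be sketched as follows. This is an added example, not code from the original article: the product names, advisory IDs, version ranges and addresses are constructed placeholders. It compares versions numerically (so 7.10 is treated as newer than 7.9.1) and flags services that hide their version for a manual check.

```python
import re

# Constructed advisory feed: product names, IDs and version ranges are
# placeholders for illustration, not real advisories.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-001", "product": "examplehttpd",
     "introduced": "2.0.0", "fixed": "2.4.10"},
    {"id": "EXAMPLE-ADV-002", "product": "examplessh",
     "introduced": "7.0", "fixed": "7.9.1"},
]

# Constructed banners from an inventory (192.0.2.0/24 is a documentation range).
BANNERS = [
    ("192.0.2.5:80", "examplehttpd/2.4.9"),   # below the fixed version
    ("192.0.2.6:80", "examplehttpd/2.4.10"),  # already patched
    ("192.0.2.7:22", "examplessh/7.10"),      # 7.10 is newer than 7.9.1
    ("192.0.2.8:80", "examplehttpd"),         # version hidden by the service
]

def parse_version(text, width=4):
    """'2.4.10' -> (2, 4, 10, 0); None when the string is not dotted digits."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def diagnose(banners, advisories):
    """Return (host, advisory id, status) for every possible known bug."""
    findings = []
    for host, banner in banners:
        product, _, raw = banner.partition("/")
        version = parse_version(raw.strip())
        for adv in advisories:
            if adv["product"] != product.strip().lower():
                continue
            if version is None:
                # Cannot rule the bug out from the banner: needs a manual check.
                findings.append((host, adv["id"], "unknown-version"))
            elif parse_version(adv["introduced"]) <= version < parse_version(adv["fixed"]):
                findings.append((host, adv["id"], "affected"))
    return findings

if __name__ == "__main__":
    for finding in diagnose(BANNERS, ADVISORIES):
        print(*finding)
```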

Penetration testing, on the other hand, identifies vulnerabilities in individual systems that are caused by combinations, as well as individual vulnerabilities. Occasionally, login information leaked on the Internet and human vulnerabilities exposed through social engineering are also used. The pen test is a detailed search for such vulnerabilities.