Editing
Penetration test
(section)
== Standardized government penetration test services ==

The [[General Services Administration]] (GSA) has standardized the "penetration test" service as a pre-vetted support service, to rapidly address potential vulnerabilities and stop adversaries before they impact US federal, state and local governments. These services are commonly referred to as Highly Adaptive Cybersecurity Services (HACS) and are listed at the US GSA Advantage website.<ref>{{cite web |url= https://www.gsaadvantage.gov/advantage/s/search.do?q=0:2132-45&db=1&searchType=2 |title= GSA HACS SIN 132-45 Services |date= 1 March 2018 |access-date= 1 March 2018 |archive-date= 23 March 2019 |archive-url= https://web.archive.org/web/20190323122222/https://www.gsaadvantage.gov/advantage/s/search.do?q=0:2132-45&db=1&searchType=2 |url-status= dead }}</ref> This effort has identified key service providers which have been technically reviewed and vetted to provide these advanced penetration services. This GSA service is intended to improve the rapid ordering and deployment of these services, reduce US government contract duplication, and protect and support the US infrastructure in a more timely and efficient manner.

132-45A Penetration Testing<ref>{{cite web |url= http://www.gsaelibrary.gsa.gov/ElibMain/sinDetails.do?executeQuery=YES&scheduleNumber=70&flag=&filter=&specialItemNumber=132+45A |title= Pen Testing Services |date=1 March 2018 |access-date= 1 March 2018 |archive-date= 26 June 2018 |archive-url= https://web.archive.org/web/20180626140009/https://www.gsaelibrary.gsa.gov/ElibMain/sinDetails.do?executeQuery=YES&scheduleNumber=70&flag=&filter=&specialItemNumber=132+45A |url-status= dead }}</ref> is security testing in which service assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network.
HACS Penetration Testing Services typically provide a strategic test of the effectiveness of the organization's preventive and detective security measures employed to protect assets and data. As part of this service, certified ethical hackers typically conduct a simulated attack on a system, systems, applications or another target in the environment, searching for security weaknesses. After testing, they will typically document the vulnerabilities and outline which defenses are effective and which can be defeated or exploited.

In the UK, penetration testing services are standardized via professional bodies working in collaboration with the National Cyber Security Centre.

The outcomes of penetration tests vary depending on the standards and methodologies used. There are five penetration testing standards: Open Source Security Testing Methodology Manual<ref>{{Cite web|title=Open-Source Security Testing Methodology Manual - an overview {{!}} ScienceDirect Topics|url=https://www.sciencedirect.com/topics/computer-science/open-source-security-testing-methodology-manual|access-date=2021-10-13|website=www.sciencedirect.com}}</ref> (OSSTMM), [[Open Web Application Security Project]] (OWASP), [[National Institute of Standards and Technology]] (NIST), Information System Security Assessment Framework (ISSAF), and Penetration Testing Methodologies and Standards (PTES).