{"id":76959,"date":"2020-01-21T17:24:20","date_gmt":"2020-01-21T11:54:20","guid":{"rendered":"https:\/\/www.vskills.in\/certification\/tutorial\/?p=76959"},"modified":"2024-04-12T14:24:00","modified_gmt":"2024-04-12T08:54:00","slug":"penetration-testing","status":"publish","type":"page","link":"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/","title":{"rendered":"Penetration Testing"},"content":{"rendered":"\n<p><a href=\"https:\/\/www.vskills.in\/certification\/tutorial\/white-hat-hacking-tutorials\/\" target=\"_blank\" rel=\"noreferrer noopener\">Go back to Tutorial<\/a><\/p>\n\n\n<p><strong>Planning<\/strong><\/p>\n<p>It is a process of creating one or more detailed plans to achieve optimum balance of demands with the available resources. The planning process involves following actions in sequence \u2013<\/p>\n<ul>\n<li>Identifies the goals or objectives to be achieved<\/li>\n<li>Formulates strategies to achieve them<\/li>\n<li>Arranges or creates the means required<\/li>\n<li>Implements, directs, and monitors all steps in their proper sequence.<\/li>\n<\/ul>\n<p>Planning an hacking attack evaluates existing business processes, how they relate to a new business endeavor, and to make choices on which characteristics are worth doing and those in which you\u2019re not willing to accept risk.<\/p>\n<p>Existing security policies, culture, laws and regulations, best practices, and industry requirements will drive many of the inputs needed to make decisions on the scope and scale of a test. Arguably, the planning phase of a penetration test will have a profound influence on how the test is performed and the information shared and collected, and will directly influence the deliverable and integration of the results into the security program.<\/p>\n<p>Planning describes many of the details and their role in formulating a controlled attack. Security policies, program, posture, and ultimately risk all play a part in guiding the outcome of a test. What drives a company\u2019s focus on security, its core business needs, challenges, and expectations will set the stage for the entire engagement.<\/p>\n<p><strong>Maintain Anonymity<\/strong><\/p>\n<p>Anonymity is the quality or state of being unknown or unacknowledged.<\/p>\n<p>Various techniques are used for being anonymous which usually includes<\/p>\n<ul>\n<li>Hacking and using open or unsecured wireless networks usually in residential buildings<\/li>\n<li>Making use of anonymous or disposable e-mail accounts from free e-mail services<\/li>\n<li>Using infected computers or zombies or bots (at other organizations)<\/li>\n<li>Using borrowed or stolen remote desktop and VPN accounts<\/li>\n<li>Using public computers at libraries, schools, etc.<\/li>\n<li>Using internet proxy servers or anonymizer services<\/li>\n<li>Workstations or servers on the victim\u2019s own network<\/li>\n<\/ul>\n<p><strong>Goal setting<\/strong><\/p>\n<ul>\n<li>Define more specific goals. Align these goals with your business objectives. What are you and the management trying to get from this process? What performance criteria will you use to ensure you\u2019re getting the most out of your testing?<\/li>\n<li>Create a specific schedule with start and end dates as well as the times your testing is to take place. These dates and times are critical components of your overall plan.<\/li>\n<\/ul>\n<p><strong>Target System Identification<\/strong><\/p>\n<p>You might decide which systems to test based on a high-level risk analysis, answering questions such as<\/p>\n<ul>\n<li>What are your most critical systems? Which systems, if accessed without authorization, would cause the most trouble or suffer the greatest losses?<\/li>\n<li>Which systems appear most vulnerable to attack?<\/li>\n<li>Which systems crash the most?<\/li>\n<li>Which systems are not documented, are rarely administered, or are the ones you know the least about?<\/li>\n<\/ul>\n<p>After you\u2019ve established your overall goals, decide which systems to test. This step helps you define a scope for your ethical hacking so that you establish everyone\u2019s expectations up front and better estimate the time and resources for the job. The following list includes devices, systems, and applications that you may consider performing your hacking tests on<\/p>\n<ul>\n<li>Routers and switches<\/li>\n<li>Firewalls<\/li>\n<li>Wireless access points<\/li>\n<li>Web, application, and database servers<\/li>\n<li>E-mail and file servers<\/li>\n<li>Mobile devices (such as phones and tablets) that store confidential information<\/li>\n<li>Workstation and server operating systems<\/li>\n<\/ul>\n<p><strong>Attack Tree Analysis<\/strong><\/p>\n<p>Attack tree provides a way for modeling goals of an attack and alternative ways to achieve that goal. This helps us to study the system from the attackers\u2019 point of view, which may lead us to determine possible ways that the system can be compromised. By assigning cost or probability measures to the nods of attack tree, one can analyze if the attackers efforts worth the value that can be achieved or not, and as a result, this helps analyzing if the system is at risk and vulnerable.<\/p>\n<p>Attack trees are multi-leveled diagrams consisting of one root, leaves, and children. From the bottom up, child nodes are conditions which must be satisfied to make the direct parent node true; when the root is satisfied, the attack is complete. Each node may be satisfied only by its direct child nodes.<\/p>\n<p>A node may be the child of another node; in such a case, it becomes logical that multiple steps must be taken to carry out an attack. For example, consider classroom computers which are secured to the desks. To steal one, the securing cable must be cut or the lock unlocked. The lock may be unlocked by picking or by obtaining the key. The key may be obtained by threatening a key holder, bribing a keyholder, or taking it from where it is stored (e.g. under a mousemat). Thus a four level attack tree can be drawn, of which one path is (Bribe Keyholder,Obtain Key,Unlock Lock,Steal Computer).<\/p>\n<p>Note also that an attack described in a node may require one or more of many attacks described in child nodes to be satisfied. Our above condition shows only OR conditions; however, an AND condition can be created, for example, by assuming an electronic alarm which must be disabled if and only if the cable will be cut. Rather than making this task a child node of cutting the lock, both tasks can simply reach a summing junction. Thus the path ((Disable Alarm,Cut Cable),Steal Computer) is created.<\/p>\n<p>Attack trees can become largely complex, especially when dealing with specific attacks. A full attack tree may contain hundreds or thousands of different paths all leading to completion of the attack. Even so, these trees are very useful for determining what threats exist and how to deal with them.<\/p>\n<p>Attack trees can lend themselves to defining an information assurance strategy. It is important to consider, however, that implementing policy to execute this strategy changes the attack tree. For example, computer viruses may be protected against by refusing the system administrator access to directly modify existing programs and program folders, instead requiring a package manager be used. This adds to the attack tree the possibility of design flaws or exploits in the package manager.<\/p>\n<p>Attack tree for computer viruses. Here we assume a system such as Windows NT, where not all users have full system access. All child nodes operate on OR conditions.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-29855\" src=\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/penetration-testing.jpg\" alt=\"penetration-testing\" width=\"350\" height=\"302\"><\/p>\n<p><strong>Structuring, Executing and Reporting Penetration Test<\/strong><\/p>\n<p>Creating Testing Standards<\/p>\n<p>One miscommunication or slip-up can send the systems crashing during your ethical hacking tests. No one wants that to happen. To prevent mishaps, develop and document testing standards. These standards should include<\/p>\n<p>\u2713 When the tests are performed, along with the overall timeline<\/p>\n<p>\u2713 Which tests are performed<\/p>\n<p>\u2713 How much knowledge of the systems you acquire in advance<\/p>\n<p>\u2713 How the tests are performed and from what source IP addresses (if performed across the Internet)<\/p>\n<p>\u2713 What you do when a major vulnerability is discovered<\/p>\n<p>Timing<\/p>\n<p>Make sure that the tests you perform minimize disruption to business processes, information systems, and people. You want to avoid harmful situations such as mis-communicating the timing of tests and causing a DoS attack against a high-traffic e-commerce site in the middle of the day or performing password-cracking tests in the middle of the night. It\u2019s amazing what a 12-hour time difference (2 p.m. during major production versus 2 a.m. during down time) can make when testing your systems! Even having people in different time zones can create issues. Everyone on the project needs to agree on a detailed timeline before you begin. Having the team members\u2019 agreement puts everyone on the same page and sets correct expectations.<\/p>\n<p>If possible and practical, notify your Internet service providers (ISPs) or hosting collocation providers. These providers have firewalls or intrusion detection systems (IDS) or intrusion prevention systems (IPS) in place to detect malicious behavior. If your provider knows you\u2019re conducting tests, it\u2019s less likely to block your traffic.<\/p>\n<p>Running specific tests<\/p>\n<p>You might have been charged with performing a general penetration test, or you may want to perform specific tests, such as cracking passwords or trying to gain access to a web application. Or you might be performing a social engineering test or assessing Windows on the network. However you test, you might not want to reveal the specifics of the testing. Even when your manager or client doesn\u2019t require detailed records of your tests, document what you\u2019re doing at a high level. Documenting your testing can help eliminate any potential miscommunication and keep you out of hot water.<\/p>\n<p>Enabling logging on the systems you test along with the tools you use provides evidence of what and when you test and more. It may be overkill, but you could even record screen actions using a tool such as TechSmith\u2019s Camtasia Studio ( <a href=\"http:\/\/www.techsmith.com\/camtasia.html\">www.techsmith.com\/camtasia.html<\/a>). Sometimes, you might know the general tests that you perform, but if you use automated tools, it may be next to impossible to understand every test you perform completely. This is especially true when the software you\u2019re using receives real-time vulnerability updates and patches from the vendor each time you run it. The potential for frequent updates underscores the importance of reading the documentation and readme files that come with the tools you use.<\/p>\n<p>An updated program once bit me. I was performing an automated assessment on a client\u2019s website \u2014 the same test I performed the previous week. The client and I had scheduled the test date and time in advance. But I didn\u2019t know that the software vendor made some changes to its web form submission tests, and I accidentally flooded the client\u2019s web application, creating a DoS condition.<\/p>\n<p>Blind versus knowledge assessments<\/p>\n<p>Having some knowledge of the systems you\u2019re testing might be a good idea, but it\u2019s not required. But, a basic understanding of the systems you hack can protect you and others. Obtaining this knowledge shouldn\u2019t be difficult if you\u2019re hacking your own in-house systems. If you hack a client\u2019s systems, you might have to dig a little deeper into how the systems work so you\u2019re familiar with them. Doing so has always been my practice and I\u2019ve only had a small number of clients ask for a full blind assessment because most people are scared of them. This doesn\u2019t mean that blind assessments aren\u2019t valuable, but the type of assessment you carry out depends on your specific needs.<\/p>\n<p>The best approach is to plan on unlimited attacks, wherein any test is possible, possibly even including DoS testing. The bad guys aren\u2019t poking around on your systems within a limited scope, so why should you?<\/p>\n<p>Picking your location<\/p>\n<p>The tests you perform dictate where you must run them from. Your goal is to test your systems from locations accessible by malicious hackers or employees. You can\u2019t predict whether you\u2019ll be attacked by someone inside or outside your network, so cover all your bases. Combine external (public Internet) tests and internal (private network) tests.<\/p>\n<p>You can perform some tests, such as password cracking and network-infrastructure assessments, from your office. For external hacks that require net-work connectivity, you might have to go off-site (a good excuse to work from home) or use an external proxy server. Some security vendors\u2019 vulnerability scanners (such as QualysGuard) are run from the cloud, so that would work as well. Better yet, if you can assign an available public IP address to your computer, simply plug in to the network on the outside of the firewall for a hacker\u2019s-eye view of your systems. Internal tests are easy because you need only physical access to the building and the network. You might be able to use a DSL line or cable modem already in place for visitors and similar users.Responding to vulnerabilities you find<\/p>\n<p>Determine ahead of time whether you\u2019ll stop or keep going when you find a critical security hole. You don\u2019t need to keep hacking forever or until you crash all the systems. Just follow the path you\u2019re on until you just can\u2019t hack it any longer (pardon the pun). When in doubt, the best thing to do is to have a specific goal in mind and then stop when that goal has been met.<\/p>\n<p>Selecting Security Assessment Tools<\/p>\n<p>Which security assessment tools you need depend on the tests you\u2019re going to run. You can perform some ethical hacking tests with a pair of sneakers, a telephone, and a basic workstation on the network, but comprehensive testing is easier with hacking tools.<\/p>\n<p>It\u2019s important to know what each tool can and can\u2019t do and how to use each one. I suggest reading the manual and other Help files. Unfortunately, some tools have limited documentation, which can be frustrating. You can search forums and post a message if you\u2019re having trouble with a tool.<\/p>\n<p>Hacking tools can be hazardous to your network\u2019s health. Be careful when you use them. Always make sure that you understand what every option does before you use it. Try your tools on test systems if you\u2019re not sure how to use them. These precautions help prevent DoS conditions and loss of data on your production systems.<\/p>\n<p>Setting the Stage for Testing<\/p>\n<p>In the past, a lot of ethical hacking involved manual processes. Now, certain vulnerability scanners can automate various tasks, from testing to reporting to remediation validation (the process of determining whether a vulnerability was fixed). These tools allow you to focus on performing the tests and less on the specific steps involved. However, following a general methodology and understanding what\u2019s going on behind the scenes will help you.<\/p>\n<p>Ethical hacking is similar to beta testing software. Think logically \u2014 like a programmer, a radiologist, or a home inspector \u2014 to dissect and interact with all the system components to see how they work. You gather information, often in many small pieces, and assemble the pieces of the puzzle. You start at point A with several goals in mind, run your tests (repeating many steps along the way), and move closer until you discover security vulnerabilities at point B.<\/p>\n<p>The process used for ethical hacking is basically the same as the one a malicious attacker would use. The primary differences lie in the goals and how you achieve them. Today\u2019s attacks can come from any angle against any system, not just from the perimeter of your network and the Internet as you might have been taught in the past. Test every possible entry point, including partner, vendor, and customer networks, as well as home users, wireless LANs, and mobile devices. Any human being, computer system, or physical component that protects your computer systems \u2014 both inside and outside your buildings \u2014 is fair game for attack.<\/p>\n<p>When you start rolling with your ethical hacking, keep a log of the tests you perform, the tools you use, the systems you test, and your results. This information can help you do the following &#8211; track what worked in previous tests and why.<\/p>\n<p>Help prove what you did.<\/p>\n<p>Correlate your testing with intrusion detection systems (IDSs) and other log files if trouble or questions arise.<\/p>\n<p>Document your findings.<\/p>\n<p>In addition to taking general notes, taking screen captures (using Snagit or a similar tool) of your results whenever possible is very helpful. These shots come in handy later should you need to show proof of what occurred, and they also will be useful as you generate your final report. Also, depending on the tools you use, these screen captures might be your only evidence of vulnerabilities or exploits when it comes time to write your final report.<\/p>\n<p>&nbsp;<\/p>\n\n\n<p><a href=\"https:\/\/www.vskills.in\/certification\/tutorial\/white-hat-hacking-tutorials\/\" target=\"_blank\" rel=\"noreferrer noopener\">Go back to Tutorial<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Go back to Tutorial Planning It is a process of creating one or more detailed plans to achieve optimum balance of demands with the available resources. The planning process involves following actions in sequence \u2013 Identifies the goals or objectives to be achieved Formulates strategies to achieve them Arranges or creates the means required Implements,&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"categories":[341],"tags":[8937],"class_list":["post-76959","page","type-page","status-publish","hentry","category-white-hat-hacking-and-security","tag-penetration-testing"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Penetration Testing - Tutorial<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Penetration Testing - Tutorial\" \/>\n<meta property=\"og:description\" content=\"Go back to Tutorial Planning It is a process of creating one or more detailed plans to achieve optimum balance of demands with the available resources. The planning process involves following actions in sequence \u2013 Identifies the goals or objectives to be achieved Formulates strategies to achieve them Arranges or creates the means required Implements,...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/\" \/>\n<meta property=\"og:site_name\" content=\"Tutorial\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/vskills.in\/\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-12T08:54:00+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/penetration-testing.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/\",\"name\":\"Penetration Testing - Tutorial\",\"isPartOf\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/penetration-testing.jpg\",\"datePublished\":\"2020-01-21T11:54:20+00:00\",\"dateModified\":\"2024-04-12T08:54:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/#primaryimage\",\"url\":\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/penetration-testing.jpg\",\"contentUrl\":\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/penetration-testing.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.vskills.in\/certification\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Penetration Testing\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#website\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/\",\"name\":\"Tutorial\",\"description\":\"Vskills - A initiative in elearning and certification\",\"publisher\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.vskills.in\/certification\/tutorial\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#organization\",\"name\":\"Vskills\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg\",\"contentUrl\":\"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg\",\"width\":73,\"height\":55,\"caption\":\"Vskills\"},\"image\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/vskills.in\/\",\"https:\/\/x.com\/vskills_in\",\"https:\/\/www.linkedin.com\/company-beta\/1371554\/\",\"https:\/\/www.youtube.com\/channel\/UCMWnscxPwRF_PqXo9B7q_Tw\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Penetration Testing - Tutorial","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/","og_locale":"en_US","og_type":"article","og_title":"Penetration Testing - Tutorial","og_description":"Go back to Tutorial Planning It is a process of creating one or more detailed plans to achieve optimum balance of demands with the available resources. The planning process involves following actions in sequence \u2013 Identifies the goals or objectives to be achieved Formulates strategies to achieve them Arranges or creates the means required Implements,...","og_url":"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/","og_site_name":"Tutorial","article_publisher":"https:\/\/www.facebook.com\/vskills.in\/","article_modified_time":"2024-04-12T08:54:00+00:00","og_image":[{"url":"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/penetration-testing.jpg","type":"","width":"","height":""}],"twitter_misc":{"Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/","url":"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/","name":"Penetration Testing - Tutorial","isPartOf":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/#primaryimage"},"image":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/#primaryimage"},"thumbnailUrl":"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/penetration-testing.jpg","datePublished":"2020-01-21T11:54:20+00:00","dateModified":"2024-04-12T08:54:00+00:00","breadcrumb":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/#primaryimage","url":"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/penetration-testing.jpg","contentUrl":"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2016\/05\/penetration-testing.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/penetration-testing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.vskills.in\/certification\/tutorial\/"},{"@type":"ListItem","position":2,"name":"Penetration Testing"}]},{"@type":"WebSite","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#website","url":"https:\/\/www.vskills.in\/certification\/tutorial\/","name":"Tutorial","description":"Vskills - A initiative in elearning and certification","publisher":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.vskills.in\/certification\/tutorial\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#organization","name":"Vskills","url":"https:\/\/www.vskills.in\/certification\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg","contentUrl":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg","width":73,"height":55,"caption":"Vskills"},"image":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/vskills.in\/","https:\/\/x.com\/vskills_in","https:\/\/www.linkedin.com\/company-beta\/1371554\/","https:\/\/www.youtube.com\/channel\/UCMWnscxPwRF_PqXo9B7q_Tw"]}]}},"_links":{"self":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages\/76959","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/comments?post=76959"}],"version-history":[{"count":4,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages\/76959\/revisions"}],"predecessor-version":[{"id":83187,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages\/76959\/revisions\/83187"}],"wp:attachment":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/media?parent=76959"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/categories?post=76959"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/tags?post=76959"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}