Ethical Hacking Study Journal: Information Gathering

In the second week, I learned about many terms that are used in security. These terms include Kali Linux Testing Technology, OSSTMM and OWASP, the Black Box, White Box and Gray Box methodologies, as well as Blue Team and Red Team. I also learned about the differences between vulnerability assessment and penetration testing.

Black Box method: This is when the testers are not given any information about the target, so they have to attack blindly. The advantage of a black box test is that the company can foresee how people from outside the company attack. The report of this test will show the weakest point of the company’s system.

White Box method: This is when the testers are given all the information about the target, including the network topology and the technology used. Having all the information served on a silver platter makes the job easier for testers because they are not working blind. The advantage is that it saves the tester time, so the tester is able to do the job optimally. Also, the tester will be able to report the full damage of the penetration.

Gray Box method: As the name suggests, this is a hybrid between the Black Box and White Box models. It is when the tester has partial information about the company. The advantage of this is that the company can foresee whether a staff member is trying to hack into the system.

Blue team: Blue team is the internal team. They are the ones who know the system and they have to defend it. They are expected to prepare for attacks.

Red team: The Red team attacks the system. They are expected to find vulnerabilities and exploit them.

In addition to that, I also learned about the importance of the laws of security. Mr. Lim told us that we should be aware of the laws because different countries have different laws. For instance, in Singapore, even port scanning is considered a threat. However, in Indonesia, it is still OK. That is because the security law in Indonesia is not as thorough as the security laws in other countries.
