Hands-On Ethical Hacking and Network Defense 2nd Edition

Penetration-Testing Methodologies

1. Black Box
2. White Box
3. Gray Box

Computer Fraud Abuse Act

This law makes it a federal crime to access classified information or financial information without authorization.


Anti spam

Electronic Communication Privacy Act

These laws make it illegal to intercept any communication, regardless of how it was transmitted.

Certified Ethical Hacker (CEH)

A certification designated by the EC-Council.

Certified Information Systems Security Professional (CISSP)

Non-vendor-specific certification issued by the International Information Systems Security Certification Consortium, Inc. (ISC2).


Hackers who break into systems with the intent of doing harm or destroying data.

ethical hackers

Users who attempt to break into a computer system or network with the owner's permission.

Global Information Assurance Certification (GIAC)

An organization founded by the SANS Institute in 1999 to validate the skills of security professionals. GIAC certifications encompass many areas of expertise in the security field.

gray box model

A hybrid of the black box and white box models for penetration testing. In other words, the company might give a tester some information about which OSs are running but not provide any network topology information (diagrams of routers, switches, intrusion detection systems, firewalls, and so forth).


A user who attempts to break into a computer system or network without authorization from the owner.

Institute for Security and Open Methodologies (ISECOM)

A nonprofit organization that provides training and certification programs for security professionals.

Open Source Security Testing Methodology Manual (OSSTMM)

This security manual developed by Peter Herzog has become one of the most widely used security-testing methodologies to date.

OSSTMM Professional Security Tester (OPST)

An ISECOM-designated certification for penetration and security testers. See also Institute for Security and Open Methodologies (ISECOM).

Packet monkeys

A derogatory term for unskilled crackers or hackers who steal program code and use it to hack into network systems instead of creating the programs themselves.

penetration test

In this test, a security professional performs an attack on a network with permission from the owner to discover vulnerabilities; penetration testers are also called ethical hackers.

red team

A group of penetration testers who work together to break into a network.

script kiddies

Similar to packet monkeys, a term for unskilled hackers or crackers who use scripts or programs written by others to penetrate networks.

security test

In this test, security professionals do more than attempt to break into a network; they also analyze security policies and procedures, report vulnerabilities to management, and recommend solutions.

SysAdmin Audit Network Security (SANS) Institute

Founded in 1989, this organization conducts training worldwide and offers multiple certifications through GIAC in many aspects of computer security and forensics.

white box model

A model for penetration testing in which testers can speak with company staff and are given a full description of the network topology and technology.
