Dictionary · NIST SP 800-115
Nouns
- Active Security Testing
Security testing that involves direct interaction with a target, such as sending packets to a target.
- Banner Grabbing
The process of capturing banner information—such as application type and version—that is transmitted by a remote port when a connection is initiated.
- Covert Testing
Testing performed using covert methods and without the knowledge of the organization’s IT staff, but with the full knowledge and permission of upper management.
- External Security Testing
Security testing conducted from outside the organization’s security perimeter.
- Internal Security Testing
Security testing conducted from inside the organization’s security perimeter.
- Network Sniffing
A passive technique that monitors network communication, decodes protocols, and examines headers and payloads for information of interest. It is both a review technique and a target identification and analysis technique.
- Operating System Fingerprinting
Analyzing characteristics of packets sent by a target, such as packet headers or listening ports, to identify the operating system in use on the target.
- Passive Security Testing
Security testing that does not involve any direct interaction with the targets, such as sending packets to a target.
- Overt Testing
Security testing performed with the knowledge and consent of the organization’s IT staff.
- Password Cracking
The process of recovering secret passwords stored in a computer system or transmitted over a network.
- Penetration Testing
Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability.
- Phishing
A digital form of social engineering that uses authentic-looking—but bogus—emails to request information from users or direct them to a fake Web site that requests information.
- Ruleset
A table of instructions used by a controlled interface to determine what data is allowable and how the data is handled between interconnected systems.
- Rogue Device
An unauthorized node on a network.
- Rules of Engagement
Detailed guidelines and constraints regarding the execution of information security testing. The ROE is established before the start of a security test, and gives the test team authority to conduct defined activities without the need for additional permissions.
- Social Engineering
The process of attempting to trick someone into revealing information (e.g., a password).
- Virtual Machine
Software that allows a single host to run one or more guest operating systems.
- Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.