An experienced cybersecurity specialist, Wayne Nordstrom serves as an IT security and vulnerability program manager at Blue Cross Blue Shield in Boston, where he oversees the development of plans for the program's continuous improvement. Wayne Nordstrom possesses expertise in penetration testing.
Also called a “pen test,” penetration testing evaluates software for vulnerabilities and hidden loopholes that a malicious party can exploit to degrade the software's efficiency, disable it, or gain unauthorized access to information and control. Penetration testing is performed to help strengthen a web application firewall (WAF), which acts like a security official for a website and prevents malicious data or commands from entering front-end or back-end servers.
A pen test simulates the types of attacks that malicious hackers would most likely use. If the simulated attack successfully bypasses the WAF, the firewall can then be improved to remove the vulnerability. For example, a pen test may subject the firewall to a code injection attack, in which malicious code is inserted to change the behavior or features of a website. If such an attack were able to bypass the firewall, the website would change or malfunction, depending on the injected code. The IT security team then prepares the firewall to repel such attacks in the future.