International Journal of Computer Science Trends and Technology (IJCST) – Volume 7 Issue 3, May - Jun 2019 ISSN: 2347-8578 www.ijcstjournal.org Page 55 Effectiveness of Penetration Testing Tools, Cyber Security Prof. Alex Roney Mathew Department of Cyber Security, Bethany College USA ABSTRACT Penetrative testing is one of the oldest network security methods used in evaluating the networks systems security. The defense department has been using it since the 1970s in determining the security weaknesses in computer systems and in the initiation of development programs in coming up with security systems. The organization can use penetration testing in fixing security weaknesses before its security is compromised. Penetrative testing has been beneficial since it provides proper information services and security to the networks systems of an organization. With the help of penetration testing tools, the organization is in a position to reduce its network risks. The penetrative testing main objective is to evaluate the organization's system network security weaknesses. Penetration testing also helps in identifying security incidences and testing employee’s security awareness. Consulting several penetration test tool helps in testing the systems security arrangement and identifying improvements. If done and appropriately reported, the penetration test provides knowledge of all security weaknesses and d the support and information required in removing or reducing the vulnerability. Keywords :- penetrative testing, network security, system security. I. INTRODUCTION The risk of security for organizations, companies, and entities that deal with highly sensitive data is prevalent. In most cases, the companies are not aware of the large and complex communication structure and have little or no control over them. Additionally, the risks become higher after considering software running on their infrastructure. The uncontrolled risks may increase the frequency of security attacks that may lead to significant financial losses. Usually, the security guarantee can achieve through various protection mechanism that includes prevention, response, and detection. Prevention involves stopping the intruders from accessing the systems resources; detection happens when the intruder has had already accessed the systems while the response is the after effect process which response to failure that occurred during the initial two steps. Its principle of operation is trying to prevent loss or future damages to the system (Stewart 76). Assessing the state of security is a necessary and continuous task to help in understanding the real risks. The assessment is done using security tests; therefore, choosing the right method security testing is an essential task in minimizing the existing security risks within any corporation. Penetrative testing is one of the most common methods of assessing systems security risk (Weber et al. 37). Penetrative testing or ethical hacking is the practice undertaken by professional hackers to identify vulnerabilities in a system before hackers attack it. It needs some bit of luck, patience, and smart thinking. Most of the professional hackers require a few particular tools to help them in getting the job done. Some of the assessment tools are freeware, while others need one to pay for a license. Vulnerability assessment process Vulnerability is a flaw in the system. The various reasons for its existence are a coding, weak password, misconfiguration or weak password, etc. attackers strive to identify vulnerability before exploiting it, this process is a systematic and proactive strategy for discovering the vulnerability. It helps in determining unknown issues within the system. It is also a requirement by industrial standards such as DSS PCI for compliance reasons. The scanner helps in conducting a vulnerability assessment. It’s a hybrid process that combines expert analysis with testing. Figure 1: vulnerability assessment process Penetration testing process involves accessing the system security through an attack simulation. It is a systematic and proactive security assessment process. It’s a two-step process. RESEARCH ARTICLE OPEN ACCESS