Penetration testing steps


Every day new threats tend to occur where security experts are not expecting them. Naturally an intruder will not spend much time trying to force a well-locked door, but he will look for weak points and vulnerabilities in those information systems where security is not a priority. In combination with negligence and seemingly minor vulnerabilities may end up with serious consequences and in future lead to the system being compromised. The acknowledged way to reduce such risks is to employ penetration testing.

Here we going to list some simple penetration testing steps so you will be able better understand what it is and for what do you need it.

  1. Pre-attack phase: Planning
    • Defining the intruder model (internal or external, with rights and privileges or no)
    • Defining goals, data sources, scope of work and targets
    • Determining the scope of a targeted environment
    • Developing the testing methodology or choosing from available list
    • Defining interaction and communication procedures and issues
    • Penetration testing
  2. Attack phase: Testing
    • Fieldwork, service identification
    • Custom scanning or intrusion tools are developed if needed
    • Vulnerabilities detection and scanning, checking for false positives
    • Vulnerabilities exploit and gaining an unauthorized access
    • Utilization of compromised systems as a springboard for further intrusion
  3. Reporting
  • Result analysis and reporting with recommendations for reducing risks
  • [Optional] Visual demonstration of the damage that can be inflicted to the system by an intruder

Previous articleAbout Web Security
Next articlesqlmap
Penetration Testing & Information Security Specialist, Certified Ethical Hacker. Uladzislau Murashka provides information security and penetration testing services, IDS/IPS implementation and configuration, infrastructure security assessment and hardening, participates in bug bounty programs.