Phases of Penetration Testing

Ankita Sinha
2 min read · Jun 11, 2022


Namaste🙏 I’m Ankita Sinha, an Associate Analyst in the Information Security field, currently working for a product-based cyber security company. You can connect with me on LinkedIn and GitHub.

A penetration tester simulates an adversary who is motivated to launch an attack. Their work usually follows these steps:

1. Reconnaissance: Gather as much information as possible about the target from public and private sources in preparation for the attack. Information can be gathered in more than one way: from websites, domain registration information, passive network scans, social engineering, and even dumpster diving. This information helps the penetration tester map out the target’s potential vulnerabilities. If the scope and objectives of the penetration test are clear, you may only need someone to explain the functionality of the system over the phone.

2. Scanning: In a penetration test, tools are used to scan the target website or system for possible weaknesses, such as insecure open services, application security issues, and open-source vulnerabilities. Penetration testers use different tools depending on what they find during reconnaissance and testing. Typically, scanning is accomplished by using:

§ Static analysis: The process of examining an application’s code in order to estimate how it is going to behave during execution. In a single scan, these tools cover the entire code.

§ Dynamic analysis: The process of inspecting the code of an application as it is running. It provides a real-time view of an application’s performance, making it a more practical way to scan for vulnerabilities.

3. Gaining access: Attackers have varied motivations: to gain access to your sensitive data, to change or delete it, to move funds, or simply to destroy your reputation. A penetration tester must assess which tools and techniques are best suited to each test case in order to gain access to your system, whether it’s through an attack such as SQL injection, Denial of Service, malware, social engineering, or other means.

4. Maintaining access: Once a penetration tester gains access to a target, their simulated attack must remain connected long enough for them to accomplish their objectives, either eavesdropping or modifying data. The goal is to demonstrate the potential impact.

5. Analysis: A report is then compiled that details the results of the penetration test:

§ The specific vulnerabilities that were identified and exploited.

§ The sensitive data that was accessed.

§ How long the pen tester remained in the system undetected.

Security personnel analyze this information to configure an enterprise’s settings and apply other application security solutions in order to patch vulnerabilities and prevent future attacks.


Written by Ankita Sinha

I am Ankita Sinha, a Security Analyst. I am a visionary, a learner, and an explorer of new technologies. My interest lies in data science and cyber security.
