paint-brush
What Is Penetration Testing and How It’s Doneby@Velez
660 reads
660 reads

What Is Penetration Testing and How It’s Done

by HannahOctober 23rd, 2019
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Penetration testing (also known as pentesting) is a form of ethical hacking. It involves breaking into a computer system, network, or web application to find security vulnerabilities that could be exposed by hackers. The process itself happens in the following way: the pentester gathers information about the target network; they identify possible entry points; then, they break into the network and report their findings. In this article, we take a deeper look at the stages of penetration testing. We also explain how certain stages can be simplified using handy new internet tools.

Company Mentioned

Mention Thumbnail
featured image - What Is Penetration Testing and How It’s Done
Hannah HackerNoon profile picture

Penetration testing (also known as pentesting) is a form of ethical hacking. It involves breaking into a computer system, network, or web application to find security vulnerabilities that could be exposed by hackers.

Pentesting can be performed manually. It can also be automated using sophisticated software applications. The process itself happens in the following way: the pentester gathers information about the target network; they identify possible entry points; then, they break into the network and report their findings once the test is finished.

In this article, we take a deeper look at the stages of penetration testing. We also explain how certain stages can be simplified using handy new internet tools. 

Penetration Testing Stages 

There are five main stages of penetration testing, as outlined below.


1. Planning and Reconnaissance

The first stage is one that newcomers often skip. However, planning and reconnaissance are essential to set up the pentesting process.

This stage involves:
  • Fully defining the scope and the goals of the test, indicating the systems to be addressed and testing methods to be implemented.
  • Gathering intelligence (like network and domain names, mail servers) for a better understanding of how the target system works and what are its potential vulnerabilities.
  • The preparation stage can be significantly simplified by using the Spyse search engine. This is a new and convenient search engine used for gathering information from all layers of the internet.

    2. Scanning

    After the goals have been defined and the intelligence gathered, it’s time to analyze the target application. This is done to see how the application will respond to different intrusion attempts.

    There are two types of analysis:
    • Static analysis — is a type of analysis where the pentester inspects an application’s code to understand how it will behave while running. With the right tools, you can scan the entire code in a single pass.
    • Dynamic analysis — is a type of analysis where the pentester inspects the code of an application while it is running. Scanning like this is more practical as it gives a view of the real-time performance of the app.

    3. Gaining Access

     After successful scanning, the pentester proceeds to gain access to the network. This stage usually involves web application attacks like cross-site scripting, SQL injection and backdoors, and other ways of exposing the target’s vulnerabilities. After identifying weak points, pentesters try to exploit found vulnerabilities by escalating privileges, stealing data, intercepting traffic, etc. They act like a hacker would, to fully understand the damage they can cause.

    While performing this stage, you might also require some tools to help you.

    For example John the Ripper, is one of the most reliable password cracker of all time. Also, you might want to take a look at is sqlmap. This is a cyber-sec tool written in Python that assist security researchers and pentesters in launching SQL code injection tests against remote hosts.

    4. Maintaining Access

    Some hackers seek to achieve persistent presence in the system, staying there for months to steal an organization’s most private and sensitive data. During the fourth stage of pentesting, the security specialist mimics this procedure to see if a particular vulnerability allows them to stay undetected in the system for prolonged periods of time.

    5. Analysis

    After the penetration test is done, the results are gathered into a report.

    The report details:
    • Specific vulnerabilities found and exploited during the test;
    • Sensitive data that was breached;
    • How long the pentester remained in the system without being detected;

    Security personnel analyze this data to help configure the WAF settings of an enterprise, as well as other application security solutions. Their goal is to patch up the system’s vulnerabilities to protect it against future attacks.

    Penetration Testing Methods

    There are several different penetration testing methods. The security expert usually picks the methods best suited for each individual case. Some methods are more complex than others and require more time and money to complete.

    These methods are listed below: 

    External Testing

    External penetration testing involves targeting the assets of a company which are visible to the internet. This includes the web application, company website, email, and domain name servers (DNS). This information usually contains valuable data which often sought out by hackers.

    Internal Testing

    Internal testing is done by mimicking an attack from inside the firewall. In this type of testing, the pentester assumes the role of an authorized user with standard access privileges. The goal of internal testing is to see how much damage an authorized user (like an irritated employee) can cause to the network.

    Blind Testing

    In blind testing, the security expert takes the identity of a real attacker who uses publicly available information on the company, like its name and location. With this scarcity of information, the supposed attacker has to perform lots of reconnaissance before carrying out the attack. This takes up a lot of time, putting blind testing on the expensive side of this list. 

    Double-blind Testing

    In double-blind testing, the security staff is not notified on when the attack will happen. This puts them on high alert, always keeping an eye out for attacks. Like in blind testing, the supposed attacker only knows publicly available information about the company. 

    Targeted Testing

    And finally, there’s targeted testing. Targeted testing is done in collaboration with the IT team and the penetration testing team. In this approach, everyone can see the test being carried out and analyse the results. In the tech world, we refer to this as the lights-turned-on approach.