What Is Penetration Testing and How It’s Done
Penetration testing (also known as pentesting) is a form of ethical hacking. It involves breaking into a computer system, network, or web application to find security vulnerabilities that could be exposed by hackers.
Pentesting can be performed manually. It can also be automated using sophisticated software applications. The process itself happens in the following way: the pentester gathers information about the target network; they identify possible entry points; then, they break into the network and report their findings once the test is finished.
In this article, we take a deeper look at the stages of penetration testing. We also explain how certain stages can be simplified using handy new internet tools.
Penetration Testing Stages
There are five main stages of penetration testing, as outlined below.
1. Planning and Reconnaissance
The first stage is one that newcomers often skip. However, planning and reconnaissance are essential to set up the pentesting process.
This stage involves:Fully defining the scope and the goals of the test, indicating the systems to be addressed and testing methods to be implemented.Gathering intelligence (like network and domain names, mail servers) for a better understanding of how the target system works and what are its potential vulnerabilities.
The preparation stage can be significantly simplified by using the Spyse
search engine. This is a new and convenient search engine used for gathering information from all layers of the internet.
After the goals have been defined and the intelligence gathered, it’s time to analyze the target application. This is done to see how the application will respond to different intrusion attempts.
There are two types of analysis:
- Static analysis — is a type of analysis where the pentester inspects an application’s code to understand how it will behave while running. With the right tools, you can scan the entire code in a single pass.
- Dynamic analysis — is a type of analysis where the pentester inspects the code of an application while it is running. Scanning like this is more practical as it gives a view of the real-time performance of the app.
3. Gaining Access
After successful scanning, the pentester proceeds to gain access to the network. This stage usually involves web application attacks like cross-site scripting, SQL injection and backdoors, and other ways of exposing the target’s vulnerabilities. After identifying weak points, pentesters try to exploit found vulnerabilities by escalating privileges, stealing data, intercepting traffic, etc. They act like a hacker would, to fully understand the damage they can cause.
While performing this stage, you might also require some tools to help you.
For example John the Ripper
, is one of the most reliable password cracker of all time. Also, you might want to take a look at is sqlmap
. This is a cyber-sec tool written in Python that assist security researchers and pentesters in launching SQL code injection tests against remote hosts.
4. Maintaining Access
Some hackers seek to achieve persistent presence in the system, staying there for months to steal an organization’s most private and sensitive data. During the fourth stage of pentesting, the security specialist mimics this procedure to see if a particular vulnerability allows them to stay undetected in the system for prolonged periods of time.
After the penetration test is done, the results are gathered into a report.
The report details:
- Specific vulnerabilities found and exploited during the test;
- Sensitive data that was breached;
- How long the pentester remained in the system without being detected;
Security personnel analyze this data to help configure the WAF settings of an enterprise, as well as other application security solutions. Their goal is to patch up the system’s vulnerabilities to protect it against future attacks.
Penetration Testing Methods
There are several different penetration testing methods. The security expert usually picks the methods best suited for each individual case. Some methods are more complex than others and require more time and money to complete.
These methods are listed below:
External penetration testing involves targeting the assets of a company which are visible to the internet. This includes the web application, company website, email, and domain name servers (DNS). This information usually contains valuable data which often sought out by hackers.
Internal testing is done by mimicking an attack from inside the firewall. In this type of testing, the pentester assumes the role of an authorized user with standard access privileges. The goal of internal testing is to see how much damage an authorized user (like an irritated employee) can cause to the network.
In blind testing, the security expert takes the identity of a real attacker who uses publicly available information on the company, like its name and location. With this scarcity of information, the supposed attacker has to perform lots of reconnaissance before carrying out the attack. This takes up a lot of time, putting blind testing on the expensive side of this list.
In double-blind testing, the security staff is not notified on when the attack will happen. This puts them on high alert, always keeping an eye out for attacks. Like in blind testing, the supposed attacker only knows publicly available information about the company.
And finally, there’s targeted testing. Targeted testing is done in collaboration with the IT team and the penetration testing team. In this approach, everyone can see the test being carried out and analyse the results. In the tech world, we refer to this as the lights-turned-on approach.
Subscribe to get your daily round-up of top tech stories!