THE 6 STEPS OF PENETRATION TESTING
If you’re considering having penetration testing done for your organization, you may be unsure of what you’re getting into. The mystery behind what happens during a penetration test can be worrying and daunting, especially if it’s your organization’s first time being tested. The good news is that almost all (if not all) penetration testers follow the same set process and methodology. Templates and proven methodologies allow penetration testers to be thorough and consistent while finding as many vulnerabilities as possible in the allotted time frame.
What are the steps of penetration testing?
Penetration testing generally follows these steps as part of the process:
Here’s a free template that you can download as an example of what actually happens during a penetration test:
Step 1: Intelligence Gathering
During this phase of a penetration test, penetration testers will use a wide variety of penetration testing tools and resources to gather information on your organization. This can include hands-off resources, like finding open-source information about a company, as well as interacting with your organization in the form of network scans and enumeration. Some of the most popular tools pentesters may use to learn about your organization include:
Search engine queries
Domain name searches/WHOIS lookups
Internet footprints—email addresses, usernames, social networks
Internal footprints—ping sweeps, port scanning, reverse DNS, packet sniffing
The goal for this step of penetration testing is to be very comprehensive, so there’s often a lot of traffic during this phase that can cause some network congestion for your organization. However, other than this, only your SOC will be able to notice any difference in network traffic.
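The ping sweeps and port scans mentioned above are exactly the traffic a SOC can notice. As an added example, not code from the original article, here is a small detector that flags those two patterns in constructed firewall-style log lines; the key=value log format, the sample addresses and the thresholds are all assumptions for illustration.

```python
"""Flag sources whose traffic pattern matches a port scan or ping sweep.

Added example, not from the original article. Log format, sample data
and thresholds are constructed assumptions; tune them to your network.
"""
from collections import defaultdict

# Constructed sample: 203.0.113.5 probes several ports on one host,
# 203.0.113.9 pings several hosts, 198.51.100.2 is ordinary web traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=21
2024-05-01T10:00:01 src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=22
2024-05-01T10:00:02 src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=80
2024-05-01T10:00:02 src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=443
2024-05-01T10:00:02 src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=3389
2024-05-01T10:00:03 src=203.0.113.9 dst=192.0.2.1 proto=icmp type=8
2024-05-01T10:00:03 src=203.0.113.9 dst=192.0.2.2 proto=icmp type=8
2024-05-01T10:00:03 src=203.0.113.9 dst=192.0.2.3 proto=icmp type=8
2024-05-01T10:00:03 src=203.0.113.9 dst=192.0.2.4 proto=icmp type=8
2024-05-01T10:00:04 src=198.51.100.2 dst=192.0.2.10 proto=tcp dport=443
2024-05-01T10:00:05 src=198.51.100.2 dst=192.0.2.10 proto=tcp dport=443
"""

def parse_line(line):
    """Return (src, dst, proto, dport) from one key=value log line; dport is None for ICMP."""
    fields = dict(part.split("=", 1) for part in line.split()[1:])
    return fields["src"], fields["dst"], fields["proto"], fields.get("dport")

def detect(log_text, port_threshold=5, host_threshold=4):
    """Return sorted (kind, src, dst, count) findings for scan-like sources."""
    ports = defaultdict(set)   # (src, dst) -> distinct destination ports seen
    pinged = defaultdict(set)  # src -> distinct hosts it sent ICMP to
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport = parse_line(line)
        if proto == "icmp":
            pinged[src].add(dst)
        elif dport is not None:
            ports[(src, dst)].add(dport)
    findings = []
    for (src, dst), seen in ports.items():
        if len(seen) >= port_threshold:   # many distinct ports on one host
            findings.append(("port_scan", src, dst, len(seen)))
    for src, hosts in pinged.items():
        if len(hosts) >= host_threshold:  # one source pinging many hosts
            findings.append(("ping_sweep", src, "*", len(hosts)))
    return sorted(findings)
```

Running `detect(SAMPLE_LOG)` on the constructed sample reports one port scan and one ping sweep while leaving the ordinary web client unflagged.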
Step 2: Threat Modeling
This step in the pentesting process makes the test unique to an organization. Here penetration testers take all the information they have gathered about the company and determine the kinds of attacks to make. Instead of the flashiness usually associated with hacking, like using a fancy tool to “pwn” a network or application, this step is more of a mental check meant to answer three questions about the target company:
Where am I most vulnerable to attack?
What are the most relevant threats?
What do I need to do to safeguard against these threats?