Penetration Testing (PenTest) is one of the most crucial processes followed by almost all organizations to unearth any hidden vulnerabilities either present in the systems or applications. It involves breaking the system and reporting any issues found to concerned operation team to fix. This helps organizations to enhance their security posture and reduce the attack surface. It is a multi-stage process and each stage has its own significance. The stages have been discussed below in brief.
Reconnaissance: This is the very first step and one of the most crucial step. In this stage, the target system/application is identified. The main focus of this stage is on information gathering. This is done to ensure that in subsequent steps, information is required information is present. There are many open source/commercial tools which can be used. The intelligence gathered is used in further steps.
Scan/Enumeration: This is the second stage where gathered intelligence is used in enumerating the systems/applications profile. While performing activities, systems/applications are enumerated for open ports, running services, os/application version details etc.
Gaining Access: The attacks are made to gain access to systems/applications. Previous two steps help in determining existing vulnerabilities which facilitates the access.
Maintaining Access: This is the fourth step where testers try to maintain persistent access to verify if APT attacks can happen against systems/applications.
Exploit: This is the last step where vulnerability which was exposed, is exploited and a report is made for Proof of Concept purpose. The same will be shared with the operation team so that they can reproduce the vulnerability and work on the fix.
Plagiarism Score: 0% Calculated from SmallSEOTools
InfosecVidya 
Leave a Reply