Penetration testing is one of the key tests for the security of the organization data and Information. Thus penetration testing is necessary You can look for what is Penetration testing?if you are not familiar with this
Penetration Testing can be
Within 7 steps
1. Preparation / Pre-Engagement Interaction: Set an objective related to and security issues and visualize what might be the outcome of this test
2. Reconnaissance or information gathering: Finding out as much as possible about the target company and the systems being audited.
3. Discovery or Vulnerability Detection or Threat Modeling: Scan the IP ranges to recognize the open port and vulnerabilities and to learn more about the environment
4. Information Analysis and Planning risk or Vulnerability Analysis: Analyse the found vulnerabilities and plan to attack accordingly. Analyze the risk of the vulnerability and prioritize according to the level of risk
4. Very High
5. Exploitation: use the knowledge of vulnerabilities detected by scan and exploit systems to gain access, either at the operating system or application level. If there is no vulnerabilities found test all systems for weak passwords and gaining access if they do. Try with different network segments, providing the host has multiple network interfaces, such as some machines in the DMZ.
6. Post Exploitation: determines the value of the machine compromised and to maintain control of the machine for later use. The value of the machine is determined by the sensitivity of the data stored on it and the machines usefulness in further compromising the network.
7. Reporting: Generate a report about how did you penetrate and was able to breach the network and the information they were able to access and do provide the detailed analysis according to the risk priority so that Organization can patch up the vulnerability
Clean Up: Never leave a footprint so that others can trace you. Remove and clean the entire task what you have done so that this can be better
In pentest, we can penetrate in 2 ways either by manual testing or by automated tools
• Manual Testing: In this, you manually analyzing the code and script which is executed in the system to find out the vulnerabilities
• Automated tool: In this process, automated tools are present to penetrate into the system. In Automated Pen testing tools, You can view different automated tools and its uses.
If you want to do a penetration test on someone else’s system, we highly recommend that you get written permission. In this case, asking first is definitely better than apologizing later!
• Different types of penetration testing
• Different areas of penetration testing