What is the process of Pen Testing?


What are the six stages of Penetration Testing?

Penetration testing can be broken down into six stages:

  • Reconnaissance: Gathering information about the target that can be used to attack it more effectively. For example, using Google hacking to find data that can be used in a social engineering attack.
  • Scanning: Using technical tools to gain further knowledge of the target’s externally facing assets, e.g. using Nmap to scan for open ports.
  • Gaining access: Using the data gathered in the reconnaissance and scanning phases, the pen tester can deliver a payload to exploit the target. For example, Metasploit can be used to automate attacks on known vulnerabilities such as those listed in CVE.
  • Maintaining access: After gaining access, the pen tester may take steps to gain persistent access to the target in order to extract as much data as possible.
  • Covering tracks: The final step is to clear any trace of their access by deleting audit trails, log events, etc.
  • Reporting: The report outlines the findings, providing a vulnerability assessment with suggested remediation steps.