A penetration test, also known as a pen test, is a simulated cyberattack against your computer system to check for exploitable vulnerabilities.
The penetration testing process typically goes through six phases: Planning and Preparation, Discovery, Penetration Attempt and Exploitation, Analysis and Reporting, Clean Up and Remediation, and Retest.
Planning and Preparation:
The first step is planning and preparation for the simulated attack: defining the scope and goals of the test, including the systems to be addressed and the testing methods to be used. The attack is designed in a way that helps gather as much information about the target system as possible.
Discovery or Scanning:
During this step the penetration testers gather information to understand how the target application will respond to various intrusion attempts. Based on the findings of the planning phase, penetration testers use scanning tools to explore weaknesses in the system and network.
Penetration Attempt and Exploitation:
Pen testers infiltrate the infrastructure by exploiting security weaknesses. They also attempt to push further into the system by escalating privileges, to demonstrate how deep into the target environment they can go. This stage uses web application attacks, such as cross-site scripting, SQL injection and backdoors, to uncover a target’s vulnerabilities. Testers then try to exploit these vulnerabilities.
Analysis and Reporting:
During this step the penetration tester(s) gather the results of the penetration test. As part of this stage, the security team prepares a detailed report describing the entire penetration testing process. The report usually details the specific vulnerabilities that were exploited, the sensitive data that was accessed, and the amount of time the pen tester was able to remain in the system undetected.
Clean up and Remediation:
After finishing the report, pen testers clean up the environments that have been assessed, for example by removing any files or software used during the penetration test. They should not leave any trace: they have to go through the systems again and remove any artifacts used during the test, since these could be leveraged by a real attacker in the future. Afterwards, the organization or client can begin applying the necessary patches to close these holes in its security infrastructure.
Retest:
This step ensures that the organization’s remediation efforts were effective, so a retest is necessary. The organization should take steps to remediate any exploitable vulnerability within a reasonable period of time after the original test. When the organization has completed these steps, the tester should perform a retest to validate that the newly implemented controls mitigate the original risk.
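As an added example (not part of the original text or any of the cited sources), the following Python script ties the Exploitation and Retest phases together on the SQL injection case named above. It uses a constructed in-memory SQLite table, a deliberately vulnerable lookup that builds SQL by string concatenation, the remediated parameterized version, and a small `retest` helper that replays the original probe against the fixed code path and reports whether the finding is closed. The table contents, the probe string and the function names are all assumptions made for this illustration.

```python
import sqlite3


def build_demo_db():
    """Constructed sample data: a three-row users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    """The weakness a tester would report: user input is pasted into the SQL text,
    so a crafted value changes the WHERE clause instead of being treated as data."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_hardened(conn, username):
    """The remediation: a parameterized query. The driver binds the value as data,
    so the same input can never alter the query structure."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def retest(conn, probe):
    """Retest phase: replay the original probe against the remediated code path and
    record whether the finding is closed. The finding is closed only when the probe
    no longer returns rows it should not see."""
    rows_before = len(lookup_user_vulnerable(conn, probe))  # original (vulnerable) behaviour
    rows_after = len(lookup_user_hardened(conn, probe))     # behaviour after the fix
    return {
        "finding": "SQL injection in user lookup",  # hypothetical finding title
        "rows_before": rows_before,
        "rows_after": rows_after,
        "status": "closed" if rows_after == 0 else "open",
    }


if __name__ == "__main__":
    db = build_demo_db()
    # Constructed probe: a value that only works if input reaches the SQL parser.
    probe = "nobody' OR '1'='1"
    print("vulnerable path returned", len(lookup_user_vulnerable(db, probe)), "rows")
    print("hardened path returned", len(lookup_user_hardened(db, probe)), "rows")
    print(retest(db, probe))
```

The `rows_before`/`rows_after` pair is the kind of evidence a retest report needs: the same input that exposed every row during the original test returns nothing once the query is parameterized, which is what "validate that the newly implemented controls mitigate the original risk" means in practice.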
Sources: PCI Security Standards Council – Imperva – Core Security