Depending on which book you read or document you examine you will find that the labels used for pen testing are laid out a little differently. Basically the structure is as follows:
1. Legalities – You need to sign a contract with the client and make sure you are legally covered before starting any test.
2. Footprinting – This phase of the pen test involves finding out as much as possible about the client's security posture. These activities can be passive or active.
3. Scanning – This is where the pen test starts to get technical. Various tools can be used to scan for open ports, applications, and vulnerabilities.
4. Enumeration – A more directed query focused on the possible targets for attack.
5. System attack – At this point a member of the pen test team has located a vulnerability that will allow them access to the targeted resource.
6. Privilege Escalation – Not every system hack will initially provide full access to the targeted system, in those circumstances privilege escalation is required.
7. Planting the flag – Most pen tests will have a stated target. Such as gain access to the system, plant a flag, remove the CEO's password, etc.
8. Prepare the report – Here is where the paperwork comes in you will need to document how you were able to gain access, what vulnerabilities were discovered, the risk of the vulnerabilities, and how you propose they be dealt with.
This was first published in August 2006