Manage Learn to apply best practices and optimize your operations.

What structure can I follow for penetration testing?

In this question, Michael Gregg discusses the basics of penetration testing on your network.

I am basically interested in penetration testing. I am not able to get the exact methodology and process for the same, if you could provide me some links or materials.

Depending on which book you read or document you examine you will find that the labels used for pen testing are laid out a little differently. Basically the structure is as follows:

1. Legalities – You need to sign a contract with the client and make sure you are legally covered before starting any test.

2. Footprinting – This phase of the pen test involves finding out as much as possible about the client's security posture. These activities can be passive or active.

3. Scanning – This is where the pen test starts to get technical. Various tools can be used to scan for open ports, applications, and vulnerabilities.

4. Enumeration – A more directed query focused on the possible targets for attack.

5. System attack – At this point a member of the pen test team has located a vulnerability that will allow them access to the targeted resource.

6. Privilege Escalation – Not every system hack will initially provide full access to the targeted system, in those circumstances privilege escalation is required.

7. Planting the flag – Most pen tests will have a stated target. Such as gain access to the system, plant a flag, remove the CEO's password, etc.

8. Prepare the report – Here is where the paperwork comes in you will need to document how you were able to gain access, what vulnerabilities were discovered, the risk of the vulnerabilities, and how you propose they be dealt with.

There are many good books on the topic of pen testing. Two I would recommend are: Que's Certified Ethical Hacker Exam Prep and Inside Network Risk Assessment.

This was last published in August 2006

Dig Deeper on Network Security Monitoring and Analysis

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.