A penetration test is a test performed to evaluate the security level of a system. It is based on an authorized, simulated cyberattack on the system that provides a full risk assessment, which includes​ insights into the system’s strengths and vulnerabilities.
The penetration testing process can be broken into 5 distinct phases:
Collecting background data that can be used against the target system. The gathered data allows for the system to prepare and plan for the attack in the next few phases.
Using technical tools to extract more information about the target system relating to the protective systems in place. This is typically done through static analysis, which inspects the application’s code to predict the way it behaves, and dynamic analysis, which inspects the code when the application is in a running state.
This phase involves penetrating the targeted system through attacks like cross-site scripting, SQL injections, backdoors, and more. It then tries to exploit the vulnerabilities by causing damage to the system.
The goal is to be able to continue exploiting the system by maintaining vulnerabilities and staying persistently within the target environment.
The final phase involves cleaning any signs of penetration to prevent any possible signs of detection. Essentially, the system must return to its original state.
Free Resources