Penetration testers must test for any and all vulnerabilities, not just the ones that grant them root access to a system.
Treating the penetration test as a process, rather than an unstructured block of tasks, ensures that every potential vulnerability or security weakness gets tested, with the lowest possible overhead.
| Phase | Description |
|---|---|
| Engagement | Quotation, proposal submission, scope of engagement, incident-handling arrangements, legal work. |
| Information Gathering | Collecting information about the target before launching any real attack. |
| Footprinting and Scanning | Deepening your knowledge of the in-scope hosts and services: port scanning, service detection, and so on. |
| Vulnerability Assessment | Defining, locating, and classifying the security weaknesses in a computer, network, or application. |
| Exploitation | Using a discovered vulnerability to compromise a system, which then exposes it (and the hosts it can reach) to further attacks. |
| Reporting | Documenting every step that led to a successful attack during the test, together with the findings and remediation advice. |
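The Footprinting and Scanning phase only makes sense inside the boundaries agreed in the Engagement phase. As an added example (not code from the original notes), the Python script below is a minimal TCP connect scanner with banner grabbing that refuses to touch any host outside an agreed scope list. The scope list, the throwaway listener, and the target addresses are all constructed for the demonstration so it runs offline.

```python
import ipaddress
import socket
import threading
from typing import Dict, Iterable, List

# Constructed scope (assumption): on a real engagement this comes from the
# signed scope document, never from the tester's guess.
IN_SCOPE: List[ipaddress.IPv4Network] = [ipaddress.ip_network("127.0.0.0/8")]


def in_scope(host: str) -> bool:
    """Return True only if `host` lies inside an authorised network range."""
    ip = ipaddress.ip_address(host)
    return any(ip in net for net in IN_SCOPE)


def grab_banner(sock: socket.socket, timeout: float = 1.0, nbytes: int = 256) -> str:
    """Read whatever the service volunteers on connect (SSH, FTP, SMTP speak
    first; HTTP does not, so an empty banner is not proof of 'no service')."""
    sock.settimeout(timeout)
    try:
        return sock.recv(nbytes).decode("latin-1", errors="replace").strip()
    except (socket.timeout, OSError):
        return ""


def scan(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, str]:
    """TCP connect scan of `ports` on `host`; returns {open_port: banner}.

    Raises ValueError instead of scanning if the host is out of scope, so an
    unauthorised probe cannot happen by accident."""
    if not in_scope(host):
        raise ValueError(f"{host} is outside the agreed scope; refusing to scan")
    found: Dict[int, str] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except (socket.timeout, ConnectionRefusedError, OSError):
                continue  # closed or filtered; nothing to record
            found[port] = grab_banner(s, timeout)
    return found


def start_fake_service(banner: bytes) -> int:
    """Constructed stand-in for a real target: listen on 127.0.0.1 on an
    ephemeral port and send `banner` to every client. Returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def reserve_closed_port() -> int:
    """Pick a port that is (almost certainly) closed: bind, record, release."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    open_port = start_fake_service(b"SSH-2.0-OpenSSH_demo\r\n")
    closed_port = reserve_closed_port()
    print(scan("127.0.0.1", [open_port, closed_port]))  # only open_port appears
    try:
        scan("192.0.2.10", [22])  # TEST-NET address, constructed as out of scope
    except ValueError as err:
        print(err)
```

The scope check is the part worth copying: put it in front of every tool you drive during the test, because the engagement phase, not the scanner, decides which addresses are fair game.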
A successful exploit of a machine lets you investigate the target network further, discover new targets, and repeat the process from the information gathering phase.
A penetration test is therefore a cyclic process.
The process ends when there are no more in-scope systems and services left to exploit.
Remember, a penetration test is used to find any and all vulnerabilities, not only the ones that were exploited.
The report must address:
- Techniques used
- Vulnerabilities found
- Exploits used
- Impact and risk analysis for each vulnerability
- Remediation tips
Spending your time "widening the attack surface" is much more valuable than shooting darts at an unknown target: without information gathering you do not know where to aim, and you do not know which technique fits best.