Steps to do Penetration Testing

Sunny Jovita – 2301939046

Week 11

Disclaimer: This blog is for educational purposes only.

In today's post, I will explain the best steps for carrying out a successful penetration test.

Step 1 – Signing NDA

Before performing a penetration test, it is important for you and your client to sign an NDA (non-disclosure agreement). A non-disclosure agreement is an important legal framework used to protect sensitive and confidential information from being disclosed by the recipient of that information. The purpose of the signed NDA is to commit the pentester to keeping all confidential information and findings safe.

Step 2 – Define the scope of the test

In this step, you need to define the scope of the test, including the systems to be addressed, the testing method to be used, any data to provide to the tester, where the test will be run from, and who will run it. This stage is important for both the tester and the client, so that both have a full understanding of what is expected and what information the tester will potentially have access to.

  1. Extent of the testing
  2. What will be tested
  3. From where it will be tested (internal, VPN, external)
  4. By whom it will be tested (personnel, 3rd party, internal)
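
The scope items above can be written down in a form that is checked before any action is taken. This is an added example, not part of the original post; the `Scope` fields, the `scope_violations` function and the sample values are hypothetical and constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Scope:
    """Agreed scope. Field names are hypothetical, chosen for this example."""
    in_scope: tuple       # what will be tested (CIDR blocks)
    excluded: tuple       # carve-outs the client asked to leave alone
    origins: frozenset    # from where: "internal", "vpn", "external"
    testers: frozenset    # by whom: people or teams named in the agreement

# Constructed sample scope using documentation-only address ranges.
SAMPLE = Scope(
    in_scope=("192.0.2.0/24",),
    excluded=("192.0.2.10/32",),
    origins=frozenset({"vpn"}),
    testers=frozenset({"tester-a"}),
)

def scope_violations(scope, target, origin, tester):
    """Return the reasons an action is out of scope; an empty list means it is allowed."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Hostnames can resolve to systems nobody agreed to test, so fail closed.
        return [f"{target!r} is not an IP address; confirm the address with the client"]
    problems = []
    if not any(addr in ipaddress.ip_network(n) for n in scope.in_scope):
        problems.append(f"{addr} is not in any in-scope network")
    elif any(addr in ipaddress.ip_network(n) for n in scope.excluded):
        problems.append(f"{addr} is explicitly excluded")
    if origin not in scope.origins:
        problems.append(f"testing from {origin!r} was not agreed")
    if tester not in scope.testers:
        problems.append(f"{tester!r} is not an authorized tester")
    return problems

if __name__ == "__main__":
    for target, origin, tester in [
        ("192.0.2.20", "vpn", "tester-a"),
        ("192.0.2.10", "vpn", "tester-a"),
        ("198.51.100.5", "external", "tester-b"),
    ]:
        print(target, scope_violations(SAMPLE, target, origin, tester) or "in scope")
```
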

Step 3 – Performing the penetration testing

Detailed process:

  1. Tools (based on the type of the test)
  2. Scanning
  3. Getting access
  4. Maintaining access

Step 4 – Reporting and delivering results

Once the test is finished, the data is ready to be analyzed to determine what vulnerabilities could be exploited. With all of this information, we can now move on to the last phase of pentesting.

The final phase of pentesting is reporting. The report includes all the findings and the processes conducted during the pentest. The tester submits the report to the client. The report is the best communication tool for your pen test results, so it must be very clear, meaningful, and understandable for both technical and non-technical readers. A good report contains the following sections:

  1. Background or introduction: explains the purpose of the pen test (goal: the client should gain a clear idea of the goal and the expected results of the pen test)
  2. Information gathering
  3. Vulnerability assessment
  4. Vulnerability confirmation
  5. Post exploitation
  6. Risk/exposure
  7. Conclusion to give a final overview of the test.

With the right steps, the pentest will hopefully succeed.