Become a bug bounty hunter! Hack websites & web applications like black hat hackers and secure them like experts.
Penetration testing is used to identify vulnerabilities and evaluate the overall security of IT and networking environments. Vulnerabilities may be present within operating systems, applications, storage environments and other locations. These vulnerabilities may be exploited through improper configurations or risky end-user behavior, whether malicious or otherwise. Penetration testing can be automated or performed manually, with testers purposefully exploiting vulnerabilities for further troubleshooting.
The seven phases of penetration testing include pre-engagement, reconnaissance, discovery, vulnerability analysis, exploitation, reporting and remediation.
Penetration testing is the act of purposefully identifying and exploiting vulnerabilities within a system in order to determine how open a system is to threats. From here, cybersecurity professionals can identify and provide goals for fixing vulnerabilities. In order to be thorough, penetration testing typically occurs in seven stages:
The pre-engagement phase consists of engaging with and hiring a penetration tester to discuss the scope, logistics, rules of engagement, timeline and type of test that will be performed, such as an internal or external network, application, wireless or physical penetration test.

Reconnaissance is when the tester performs open-source intelligence (OSINT) gathering to collect information about a target, such as the system, network components, active machines and access points. Scanning uses specific tools, such as war dialers, port scanners and network mappers, to gather additional information.

Discovery consists of scanning and asset analysis, often with a network scanning tool, to identify available assets and gather information about the operating system, open ports and running services. This is particularly necessary in black box testing, where the penetration tester has no prior knowledge of how to access the network.

Vulnerability analysis comes next and is used to determine potential exploitation opportunities, drawing on knowledge from the discovery phase and on automated vulnerability scanners from vendors such as Tenable and Rapid7.
The exploitation phase sees penetration testers attempting to gain access through the identified vulnerabilities, with the general goal of obtaining root or administrator privileges on a machine. A common tool used for this is Metasploit, which streamlines the process of finding and executing publicly available exploits. This phase is the key differentiator between a vulnerability assessment, in which a tester identifies network vulnerabilities whose findings may contain false positives or exploits that do not apply to the environment, and a penetration test, which proves that vulnerabilities are exploitable and simulates their consequences.

Reporting is when the tester creates a thorough report outlining the steps taken during the test, the results found and the risk level of each vulnerability. A penetration test report typically includes an executive summary, methodology, findings and recommendations, and an appendix.

Finally, remediation consists of the steps taken to close vulnerability gaps at the organizational level, with internal teams attempting to reproduce the attack chains and institute appropriate changes.
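As an added example (not course material, not from any vendor's tooling), the following Python sketch assembles the report structure described above from a constructed list of findings: each finding is rated on an assumed 1 to 3 likelihood and impact scale, mapped to a risk level, and the sections are emitted in the order the text lists them.

```python
"""Added example: build a penetration test report from constructed findings.
Risk matrix, field names and sample data are assumptions for illustration."""
from dataclasses import dataclass, field

# The seven phases as listed on the page; the methodology section reproduces them.
PHASES = ("pre-engagement", "reconnaissance", "discovery", "vulnerability analysis",
          "exploitation", "reporting", "remediation")
RISK_LEVELS = ("Low", "Medium", "High", "Critical")  # ascending order


def risk_level(likelihood: int, impact: int) -> str:
    """Assumed 3x3 matrix: likelihood (1..3) times impact (1..3) -> risk label."""
    if not (1 <= likelihood <= 3 and 1 <= impact <= 3):
        raise ValueError("likelihood and impact must be between 1 and 3")
    score = likelihood * impact  # 1..9
    if score >= 9:
        return "Critical"
    if score >= 6:
        return "High"
    if score >= 3:
        return "Medium"
    return "Low"


@dataclass
class Finding:
    title: str
    phase: str                    # phase in which the issue was identified
    likelihood: int
    impact: int
    steps: list = field(default_factory=list)  # steps taken, kept for the appendix
    recommendation: str = ""


def build_report(findings):
    """Return the report sections, in the page's order, with findings ranked by risk."""
    for f in findings:
        if f.phase not in PHASES:
            raise ValueError(f"unknown phase: {f.phase}")
    ranked = sorted(findings, reverse=True,
                    key=lambda f: RISK_LEVELS.index(risk_level(f.likelihood, f.impact)))
    counts = {lvl: 0 for lvl in RISK_LEVELS}
    for f in ranked:
        counts[risk_level(f.likelihood, f.impact)] += 1
    return {
        "executive_summary": counts,
        "methodology": list(PHASES),
        "findings": [(f.title, risk_level(f.likelihood, f.impact)) for f in ranked],
        "recommendations": [f.recommendation for f in ranked if f.recommendation],
        "appendix": {f.title: f.steps for f in ranked},
    }


SAMPLE = [  # constructed sample input, not real results
    Finding("Outdated web server build", "vulnerability analysis", 2, 2,
            ["compared reported version with vendor advisories"], "Apply vendor patches"),
    Finding("Default administrator credentials", "exploitation", 3, 3,
            ["confirmed vendor defaults still accepted"], "Rotate credentials; enforce policy"),
    Finding("Verbose error pages", "discovery", 1, 1,
            ["requested a missing path"], "Disable debug output in production"),
]
```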
The six most commonly used types of penetration testing include external network, internal network, social engineering, physical, wireless and application penetration testing.
There are six primary forms of penetration testing:
External network penetration testing identifies vulnerabilities in publicly available information and external-facing assets, including company email, cloud-based applications and websites.

Internal network penetration testing helps recommend better permissions for employees by simulating an attacker who has breached the internal network and is gaining access to data.

Social engineering testing determines how susceptible staff members may be to unwittingly exposing confidential information to a malicious actor posing as a trusted stakeholder, often through phishing emails.

Physical penetration testing simulates a physical breach by an intruder gaining access to a facility and accessing or destroying information in person.

Wireless penetration testing helps ensure that WiFi networks and wireless protocols are safeguarded against unauthorized access.

Finally, application penetration testing identifies vulnerabilities within applications, such as missing patches or exploitable flaws in externally facing applications.
Penetration testing can be done by accessing a network from an external location or through in-network simulations.
Penetration testing can work in one of two ways: as a black box test or as a white box test. Black box testing occurs when a penetration tester attempts to access a network while impersonating an outsider who has no inside knowledge of it. Black box testing is the most common method because it simulates how the majority of malicious access attempts will occur.
White box testing most often follows black box testing during a penetration test and simulates an attempt to gain access using insider knowledge of system vulnerabilities. To perform a white box test, an organization must provide information about the network's permissions beforehand, whereas black box tests are executed without prior network knowledge.
Learn penetration testing techniques and other in-demand skills through cybersecurity courses from Udemy.
Penetration testing training from Udacity can be the spark you need to branch out in your career.