The most precise method to estimate your organization’s information security stance is to examine how it stands up against an attack. Unintentional or deliberate destruction of data, hardware failure or cyber-attack can happen anytime and organization needs to identify these threats by penetrating the resources. A penetration test process is an activity evaluating security measures of company information assets by simulating an attack from a malicious source. The process involves an active analyses on system design, operational strength and weaknesses, technical flaws, vulnerabilities and poor system configuration.
Penetration Testing Planning:
Information Gathering is an information gathering techniques and tools designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) available in the target/victim websites. Network Mapping Is the process of gathering information in order to identify and understand the internal working of systems? It is important:
- To determine what the network looks like logically, understand the information and construct network map
- To find out available resource and processing time
- To identify weaknesses
Vulnerability identification, there is no definitive list of all possible sources of these system vulnerabilities, anything can be system vulnerabilities!
- Poor security management
- Incorrect implementation
- Social engineering
- Poor design
- Human factors Operation system
Exploitation and Launching of Attacks: After the vulnerabilities are identified on the target system, it is then possible to launch the right exploits. The goal of launching exploits is to gain full access of the target system. Reporting: After the completion of the penetration test, it is important to get user-customized reporting suites for a technical and/or management overview. This includes the executive summary, detailed recommendations to solve the identified vulnerabilities, and official security ID numbers for the vulnerabilities.