Penetration Testing

  1. Attempts to exploit vulnerabilities just as a threat actor would

  2. Planning is perhaps the most important part of pentesting.

  3. Who should perform the test? Each option has advantages and disadvantages.

    • internal security personnel
    • external consultants
    • croudsourced pentesting

  4. Rules of engagement: establish the limits or parameters of the penetration test in advance to avoid issues.

    • Timing
    • Scope
    • Authorization
    • Exploitation
    • Communication
    • Cleanup
    • Reporting

  5. Performing a Penetration Test

    • Key ingredient: persistence
    • Phase 1: reconnaissance
    • Phase 2: penetration