Stages of an application pentest

It is trivial to understand the stages of an application pentest as it lays the groundwork and ensures that the pentester covers all the possible endpoints and does an efficient scan. A web application pentest is broadly categorized in the following stages:

• Planning and reconnaissance
• Client end code analysis
• Manual testing 
• Automated testing
• Exploiting discovered issues 
• Digging deep for data exfiltration
•  Taking shells
• Reporting

Among these stages, the planning and reconnaissance stage is the most important stage, as there are possibilities that a tester might miss out critical entry endpoints into the application, and those areas might go untested. Let's explore in a little more detail what happens in each stage.