Understanding the Phases of the Pentesting Process

In the early days of information technology (IT), there wasn't a need to be concerned about any security threats or weaknesses in a system. With the advancement of technologies and mobile devices, a lot of persons seek to understand the art of exploiting computing systems and networks. The creation of the internet was a major milestone that improved the sharing and availability of information not only within an institution but globally. As information and knowledge became more readily available, a lot of people leveraged it for both good and bad purposes in the digital world.

Imagine a person simply sitting at home surfing the internet, researching methods and techniques of taking advantage of a vulnerability/weakness on another person's computer or network. That's quite scary, isn't it? A simple example is a disgruntled employee within an organization who works as administrative staff, who isn’t knowledgeable about the field of cybersecurity or computing. The disgruntled employee may want to cause harm to the organization upon leaving the company, such as destroying the data stored in the company's local file server. If they decide to research various hacking techniques during their free time, this can eventually turn into an insider threat.

Penetration testing in the field of cybersecurity is a very interesting path for many IT professionals. What makes this so interesting is that a penetration tester has to discover many methods to successfully exploit a system. At times, an exploit may work on one a system of a client or target but not on another. This is where the creativity mindset of a penetration tester is most needed. Personally, I like the challenge of trying to gain access (as a penetration tester) into a system that seems to be a bit challenging; what’s the fun if everything is easy to hack?

In this chapter, we will cover the following topics:

• What is penetration testing in the field of cybersecurity?
• Penetration testing methodologies
• Phases of penetration testing
• Motivations of using a methodology or process
• Expected deliverables from conducting a penetration test

Let's begin!