What is penetration testing and what are the major types of pentesting? What kind of “hat” do pentesters wear and why? What are the main steps we employ to conduct pentesting?
Penetration testing is an assurance mechanism for verifying that our controls are working properly. It is done under the strict approval/permission of senior management and is dubbed ethical hacking as a result. It is a means by which we check for exploitable vulnerabilities in our controls and recommend countermeasures to address those security weaknesses.
The major types of Pen Testing:
Black-box Testing: Testers have zero knowledge of the infrastructure to be tested.
White-box Testing: Testers have full knowledge of the infrastructure or services under consideration.
Gray-box Testing: Testers have partial knowledge of the environment to be tested.
All penetration testers should wear a white hat because, unlike black hat hackers, they are ethical professional testers trying to find flaws so we can fix them.
Phases of pen testing shall include:
(Planning -> Reconnaissance -> Scanning (Enumeration) -> Vulnerability Assessment -> Exploitation -> Reporting).