0% found this document useful (2 votes)

340 views

Penetration Testing Tutorial PDF

Uploaded by

mastoi786

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (2 votes)

340 views

Penetration Testing Tutorial PDF

Uploaded by

mastoi786

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 9

Penetration Testing

About the Tutorial

Penetration Testing is used to find flaws in the system in order to take appropriate security
measures to protect the data and maintain functionality. This tutorial provides a quick
glimpse of the core concepts of Penetration Testing.

Audience
This tutorial has been prepared for beginners to help them understand the basics of
Penetration Testing and how to use it in practice.

Prerequisites
Before proceeding with this tutorial, you should have a basic understanding of software
testing and its related concepts.

Copyright & Disclaimer

All the content and graphics published in this e-book are the property of Tutorials Point (I)
Pvt. Ltd. The user of this e-book is prohibited to reuse, retain, copy, distribute or republish
any contents or a part of contents of this e-book in any manner without written consent
of the publisher.

We strive to update the contents of our website and tutorials as timely and as precisely as
possible, however, the contents may contain inaccuracies or errors. Tutorials Point (I) Pvt.
Ltd. provides no guarantee regarding the accuracy, timeliness or completeness of our
website or its contents including this tutorial. If you discover any errors on our website or
in this tutorial, please notify us at contact@tutorialspoint.com

i
Penetration Testing

Table of Contents
About the Tutorial .................................................................................................................................... i

Audience .................................................................................................................................................. i

Prerequisites ............................................................................................................................................ i

Copyright & Disclaimer ............................................................................................................................. i

Table of Contents .................................................................................................................................... ii

1. PENETRATION TESTING — INTRODUCTION ......................................................................... 1

What is Penetration Testing? .................................................................................................................. 1

Why is Penetration Testing Required? .................................................................................................... 1

When to Perform Penetration Testing? ................................................................................................... 1

How is Penetration Testing Beneficial? ................................................................................................... 2

2. PENETRATION TESTING — PENETRATION TESTING METHOD.............................................. 3

Steps of Penetration Testing Method ...................................................................................................... 3

Planning & Preparation ........................................................................................................................... 4

Reconnaissance ....................................................................................................................................... 4

Discovery ................................................................................................................................................ 4

Analyzing Information and Risks ............................................................................................................. 4

Active Intrusion Attempts ....................................................................................................................... 5

Final Analysis .......................................................................................................................................... 5

Report Preparation ................................................................................................................................. 5

3. PENETRATION TESTING — PENETRATION TESTING VS. VULNERABILITY ASSESSMENT ........ 6

Penetration Testing ................................................................................................................................ 6

Vulnerability Assessment ........................................................................................................................ 6

Which Option is Ideal to Practice? ........................................................................................................... 7

4. PENETRATION TESTING — TYPES OF PENETRATION TESTING.............................................. 8

Types of Pen Testing ............................................................................................................................... 8

ii
Penetration Testing

Black Box Penetration Testing ................................................................................................................. 8

White Box Penetration Testing................................................................................................................ 9

Grey Box Penetration Testing .................................................................................................................. 9

Areas of Penetration Testing ................................................................................................................. 10

5. PENETRATION TESTING — MANUAL AND AUTOMATED .................................................... 11

What is Manual Penetration Testing? ................................................................................................... 11

Types of Manual Penetration Testing .................................................................................................... 12

What is Automated Penetration Testing? ............................................................................................. 12

6. PENETRATION TESTING — PENETRATION TESTING TOOLS ................................................ 14

What are Penetration Testing Tools? .................................................................................................... 14

7. PENETRATION TESTING — INFRASTRUCTURE PENETRATION TESTING .............................. 16

What is Infrastructure Penetration Testing? ......................................................................................... 16

Types of Infrastructure Penetration Testing .......................................................................................... 16

External Infrastructure Testing .............................................................................................................. 17

Internal Infrastructure Penetration Testing ........................................................................................... 17

Cloud and Virtualization Penetration Testing ........................................................................................ 17

Wireless Security Penetration Testing ................................................................................................... 18

8. PENETRATION TESTING — PENETRATION TESTERS ........................................................... 19

Qualification of Penetration Testers...................................................................................................... 19

Role of a Penetration Tester .................................................................................................................. 20

9. PENETRATION TESTING — REPORT WRITING .................................................................... 21

What is Report Writing? ........................................................................................................................ 21

Report Writing Stages ........................................................................................................................... 21

Report Planning .................................................................................................................................... 21

Information Collection .......................................................................................................................... 22

iii
Penetration Testing

Writing the First Draft ........................................................................................................................... 22

Review and Finalization ........................................................................................................................ 22

Content of Penetration Testing Report.................................................................................................. 23

10. PENETRATION TESTING — ETHICAL HACKING ................................................................... 24

Who are Ethical Hackers? ...................................................................................................................... 24

Who are Criminal Hackers? ................................................................................................................... 24

What can Criminal Hackers do? ............................................................................................................. 24

What are the Skill-Sets of Ethical Hackers?............................................................................................ 26

What do Ethical Hackers do? ................................................................................................................. 26

Types of Hackers ................................................................................................................................... 26

11. PENETRATION TESTING — PENETRATION TESTING VS. ETHICAL HACKING ........................ 28

Penetration Testing ............................................................................................................................... 28

Ethical Hacking ...................................................................................................................................... 28

12. PENETRATION TESTING — LIMITATIONS ........................................................................... 30

13. PENETRATION TESTING — REMEDIATION ......................................................................... 32

14. PENETRATION TESTING — LEGAL ISSUES .......................................................................... 33

iv
Penetration Testing
1. Penetration Testing — Introduction

What is Penetration Testing?

Penetration testing is a type of security testing that is used to test the insecurity of an
application. It is conducted to find the security risk which might be present in the system.

If a system is not secured, then any attacker can disrupt or take authorized access to that
system. Security risk is normally an accidental error that occurs while developing and
implementing the software. For example, configuration errors, design errors, and software
bugs, etc.

Why is Penetration Testing Required?

Penetration testing normally evaluates a system’s ability to protect its networks,
applications, endpoints and users from external or internal threats. It also attempts to
protect the security controls and ensures only authorized access.

Penetration testing is essential because:

 It identifies a simulation environment i.e., how an intruder may attack the system
through white hat attack.

 It helps to find weak areas where an intruder can attack to gain access to the
computer’s features and data.

 It supports to avoid black hat attack and protects the original data.

 It estimates the magnitude of the attack on potential business.

 It provides evidence to suggest, why it is important to increase investments in

security aspect of technology.

When to Perform Penetration Testing?

Penetration testing is an essential feature that needs to be performed regularly for
securing the functioning of a system. In addition to this, it should be performed whenever:

 Security system discovers new threats by attackers.

 You add a new network infrastructure.

 You update your system or install new software.

 You relocate your office.

 You set up a new end-user program/policy.

1
Penetration Testing

How is Penetration Testing Beneficial?

Penetration testing offers the following benefits::

 Enhancement of the Management System: It provides detailed information

about the security threats. In addition to this, it also categorizes the degree of
vulnerabilities and suggests you, which one is more vulnerable and which one is
less. So, you can easily and accurately manage your security system by allocating
the security resources accordingly.

 Avoid Fines: Penetration testing keeps your organization’s major activities

updated and complies with the auditing system. So, penetration testing protects
you from giving fines.

 Protection from Financial Damage: A simple breach of security system may

cause millions of dollars of damage. Penetration testing can protect your
organization from such damages.

 Customer Protection: Breach of even a single customer’s data may cause big
financial damage as well as reputation damage. It protects the organizations who
deal with the customers and keep their data intact.

2
Penetration Testing
2. Penetration Testing — Penetration Testing Method

Penetration testing is a combination of techniques that considers various issues of the

systems and tests, analyzes, and gives solutions. It is based on a structured procedure
that performs penetration testing step-by-step.

This chapter describes various steps or phases of penetration testing method.

Steps of Penetration Testing Method

The following are the seven steps of penetration testing:

Planning & Preparation

Reconnaissance

Discovery

Analyzing information and risks

Active intrusion attempts

Final analysis

Report Preparation

3
Penetration Testing

End of ebook preview

If you liked what you saw…
Buy it from our store @ https://store.tutorialspoint.com

Bhi & Cae Assessment Cover Sheet
No ratings yet
Bhi & Cae Assessment Cover Sheet
16 pages
Understanding Windows Lateral Movements 2023
100% (1)
Understanding Windows Lateral Movements 2023
142 pages
CEH11 Lab Manual Module 15 - SQL Injection
No ratings yet
CEH11 Lab Manual Module 15 - SQL Injection
46 pages
3 Introduction To Metasploit Framework
No ratings yet
3 Introduction To Metasploit Framework
14 pages
Bluejacking
No ratings yet
Bluejacking
32 pages
Chapter 1: The Need For Cybersecurity: Instructor Materials
No ratings yet
Chapter 1: The Need For Cybersecurity: Instructor Materials
23 pages
A Study On Removal Techniques of Cross-Site From Web Application
No ratings yet
A Study On Removal Techniques of Cross-Site From Web Application
7 pages
Kumar 2017
No ratings yet
Kumar 2017
5 pages
Source SDK Game Development Essentials
From Everand
Source SDK Game Development Essentials
Brett Bernier
No ratings yet
Syllabus eMAPT
No ratings yet
Syllabus eMAPT
14 pages
Cross Site Scripting - XSS
No ratings yet
Cross Site Scripting - XSS
6 pages
Hack Windows Using Metasploit Lab Manual
No ratings yet
Hack Windows Using Metasploit Lab Manual
3 pages
A Forensic Analysis of Android Malware - How Is Malware Written and How It Could Be Detected?
No ratings yet
A Forensic Analysis of Android Malware - How Is Malware Written and How It Could Be Detected?
5 pages
02 Reconnaissance Techniques
No ratings yet
02 Reconnaissance Techniques
34 pages
Evaluationof Web Vulnerability Scanners Basedon OWASPBenchmark
No ratings yet
Evaluationof Web Vulnerability Scanners Basedon OWASPBenchmark
7 pages
Building A Home Web Server: Grant Root
No ratings yet
Building A Home Web Server: Grant Root
26 pages
Impact of Ict On Society: CLASS:4S4 TEACHER:Cik Mahsuri
No ratings yet
Impact of Ict On Society: CLASS:4S4 TEACHER:Cik Mahsuri
11 pages
Debugger stm8 PDF
No ratings yet
Debugger stm8 PDF
23 pages
An A-Z Index of The Bash Command Line For Linux - SS64
No ratings yet
An A-Z Index of The Bash Command Line For Linux - SS64
5 pages
9tut Tutorials
100% (1)
9tut Tutorials
119 pages
WsCube Tech - Penetration Testing (WS-PEN) Course
100% (1)
WsCube Tech - Penetration Testing (WS-PEN) Course
6 pages
Crash Course in SQL
No ratings yet
Crash Course in SQL
11 pages
Sqlmap PHP Datamapper Application Framework - V1.0: Wei Zhuo
No ratings yet
Sqlmap PHP Datamapper Application Framework - V1.0: Wei Zhuo
84 pages
The Paper 11
0% (1)
The Paper 11
15 pages
NW - Js Essentials - Sample Chapter
No ratings yet
NW - Js Essentials - Sample Chapter
18 pages
Unbound DNS Tutorial
No ratings yet
Unbound DNS Tutorial
14 pages
Frida Tutorial 2 - HackTricks
No ratings yet
Frida Tutorial 2 - HackTricks
7 pages
BruteForce SSH Attack Study
No ratings yet
BruteForce SSH Attack Study
36 pages
Study Guide: Linux
No ratings yet
Study Guide: Linux
46 pages
Learning iOS Penetration Testing Sample Chapter PDF
100% (1)
Learning iOS Penetration Testing Sample Chapter PDF
30 pages
Linux Iptables Firewall Configuration: Prince - Kenshi
No ratings yet
Linux Iptables Firewall Configuration: Prince - Kenshi
8 pages
Everything Curl
No ratings yet
Everything Curl
336 pages
Installing OpenWrt
No ratings yet
Installing OpenWrt
4 pages
ICTF15 PfSense IPS Firewall
No ratings yet
ICTF15 PfSense IPS Firewall
34 pages
Persistence Techniques in Windows Malware
No ratings yet
Persistence Techniques in Windows Malware
70 pages
Firewall Bypass
No ratings yet
Firewall Bypass
22 pages
Overview of Computer Networks: Norman Matloff Dept. of Computer Science University of California at Davis C
No ratings yet
Overview of Computer Networks: Norman Matloff Dept. of Computer Science University of California at Davis C
29 pages
SQL Injection by AntiGov
No ratings yet
SQL Injection by AntiGov
17 pages
Radare2 + Frida: Better Together /by @trufae + @oleavr
No ratings yet
Radare2 + Frida: Better Together /by @trufae + @oleavr
19 pages
Hack2Secure Web Application Security Testing Courses
No ratings yet
Hack2Secure Web Application Security Testing Courses
5 pages
Python Networking PDF
No ratings yet
Python Networking PDF
4 pages
Methods of Malware Persistence: On OS X Mavericks
No ratings yet
Methods of Malware Persistence: On OS X Mavericks
57 pages
Libgdx Cross-platform Game Development Cookbook
From Everand
Libgdx Cross-platform Game Development Cookbook
David Saltares Márquez
No ratings yet
X86-Win32 Reverse Engineering Cheat-Sheet
No ratings yet
X86-Win32 Reverse Engineering Cheat-Sheet
1 page
Vulnerabilities in Foscam IP Cameras Report
No ratings yet
Vulnerabilities in Foscam IP Cameras Report
12 pages
Levelup0X Bug Bounty Hunting Training PDF
No ratings yet
Levelup0X Bug Bounty Hunting Training PDF
7 pages
PDF Jaeles-Introduction
No ratings yet
PDF Jaeles-Introduction
45 pages
Nmap Scripts
100% (1)
Nmap Scripts
52 pages
Torrent Gas Private Limited: Application For Franchisee CNG Station
No ratings yet
Torrent Gas Private Limited: Application For Franchisee CNG Station
9 pages
Ultimate Pentesting for Web Applications: Unlock Advanced Web App Security Through Penetration Testing Using Burp Suite, Zap Proxy, Fiddler, Charles Proxy, and Python for Robust Defense (English Edition)
From Everand
Ultimate Pentesting for Web Applications: Unlock Advanced Web App Security Through Penetration Testing Using Burp Suite, Zap Proxy, Fiddler, Charles Proxy, and Python for Robust Defense (English Edition)
Dr. Rohit Gautam
No ratings yet
Certified Penetration Testing Professional CPTP
No ratings yet
Certified Penetration Testing Professional CPTP
12 pages
Lab Exercise 1: Boot Loader
100% (1)
Lab Exercise 1: Boot Loader
15 pages
Inject Your Code To A Portable Executable File - CodeProject®
100% (1)
Inject Your Code To A Portable Executable File - CodeProject®
40 pages
Burp Suite Tutorial: Part 2 - Intruder and Repeater Tools
No ratings yet
Burp Suite Tutorial: Part 2 - Intruder and Repeater Tools
7 pages
Pentesting Bible
No ratings yet
Pentesting Bible
56 pages
HTML5 Game Development with GameMaker
From Everand
HTML5 Game Development with GameMaker
Jason Lee Elliott
No ratings yet
Advanced Python for Cybersecurity: Techniques in Malware Analysis, Exploit Development, and Custom Tool Creation
From Everand
Advanced Python for Cybersecurity: Techniques in Malware Analysis, Exploit Development, and Custom Tool Creation
Adam Jones
No ratings yet
Certified Cyber Forensics Professional The Ultimate Step-By-Step Guide
From Everand
Certified Cyber Forensics Professional The Ultimate Step-By-Step Guide
Gerardus Blokdyk
No ratings yet
OpenCV for Secret Agents
From Everand
OpenCV for Secret Agents
Joseph Howse
No ratings yet
Mobile Malware Protection Third Edition
From Everand
Mobile Malware Protection Third Edition
Gerardus Blokdyk
No ratings yet
Python-Powered Ethical Hacking: Building Advanced Cybersecurity Tools
From Everand
Python-Powered Ethical Hacking: Building Advanced Cybersecurity Tools
Peter Johnson
No ratings yet
Cyber Attack On Nuclear Plants
No ratings yet
Cyber Attack On Nuclear Plants
10 pages
Hack For Dummies
No ratings yet
Hack For Dummies
31 pages
Nestley Report PDF
No ratings yet
Nestley Report PDF
17 pages
Oraganization of Mastoi Tribe
No ratings yet
Oraganization of Mastoi Tribe
7 pages
Stage: Acceptance Deployment Checklist: University of Edinburgh
100% (1)
Stage: Acceptance Deployment Checklist: University of Edinburgh
12 pages
BPF Explorer Handbook
No ratings yet
BPF Explorer Handbook
64 pages
P840 Troubleshooting
No ratings yet
P840 Troubleshooting
96 pages
BOP Internship Report
No ratings yet
BOP Internship Report
23 pages
Capacitor Basics
No ratings yet
Capacitor Basics
1 page
Cybercrime by BD Police
No ratings yet
Cybercrime by BD Police
29 pages
Burning Chrome
No ratings yet
Burning Chrome
3 pages
OceanofPDF - Com All Inclusive Ethical Hacking For Smartphone - Alexander Gabriel
No ratings yet
OceanofPDF - Com All Inclusive Ethical Hacking For Smartphone - Alexander Gabriel
93 pages
Crisis Communication Plan
No ratings yet
Crisis Communication Plan
106 pages
Untitled 93
No ratings yet
Untitled 93
25 pages
O e A G: Seminar On
No ratings yet
O e A G: Seminar On
26 pages
Network Security & Penetration
No ratings yet
Network Security & Penetration
2 pages
(Step by Step) Dos Attack On Router (Wireless Network Wi)
No ratings yet
(Step by Step) Dos Attack On Router (Wireless Network Wi)
9 pages
Essay Cyber Crime
100% (1)
Essay Cyber Crime
6 pages
Sahil Resume
No ratings yet
Sahil Resume
1 page
Types of Hackers and Its Examples
No ratings yet
Types of Hackers and Its Examples
4 pages
Of Information Is The Quality or State of Being Genuine or
No ratings yet
Of Information Is The Quality or State of Being Genuine or
3 pages
Ethical Hacking Abstract
0% (1)
Ethical Hacking Abstract
1 page
Hacker Tools Top Ten: Our Recommended Pentesting Tools For 2017
No ratings yet
Hacker Tools Top Ten: Our Recommended Pentesting Tools For 2017
6 pages
Cyber Attack
No ratings yet
Cyber Attack
119 pages
How To Become A Hacker PDF
No ratings yet
How To Become A Hacker PDF
3 pages
Penetration Test Dissertation
100% (2)
Penetration Test Dissertation
7 pages
Brochure Sansdfir
No ratings yet
Brochure Sansdfir
15 pages
PES 2020 Guide For This Best Gameplays!
No ratings yet
PES 2020 Guide For This Best Gameplays!
5 pages
Free Anonymous Hacking Tools 2013 - 2014 PDF
No ratings yet
Free Anonymous Hacking Tools 2013 - 2014 PDF
13 pages
Cyber Security and Ethical Hacking: The Importance of Protecting User Data
No ratings yet
Cyber Security and Ethical Hacking: The Importance of Protecting User Data
7 pages
Def Con 24 Program
100% (1)
Def Con 24 Program
35 pages
Lesson III PART 2. Foundation of Information System
No ratings yet
Lesson III PART 2. Foundation of Information System
39 pages
Computer Security Class Vii
No ratings yet
Computer Security Class Vii
7 pages
Unit 5 Cyberlaws
No ratings yet
Unit 5 Cyberlaws
9 pages
Eti MCQ
No ratings yet
Eti MCQ
21 pages
AVANZADO 5 Web 1
No ratings yet
AVANZADO 5 Web 1
38 pages
Hack Back Vol 2
No ratings yet
Hack Back Vol 2
17 pages
Hack Facebook in Few Minutes Hack FB - Kcech 24795 PDF
0% (1)
Hack Facebook in Few Minutes Hack FB - Kcech 24795 PDF
2 pages