How pentesting absolutely makes you forget about the operation’s failure — CyberForged

WHAT THE HELL IS THIS

Pentesting is a testing process in which a system is subjected to predefined attacks of the kind it is expected to face in a real environment. Think of it as a rehearsal of a theater play before the general public comes to see it: first, we show it to theater experts, hear what they say and what they criticize, fix those points, and only then go out to the general public and wait for the great ovation we deserve.

The art of pentesting

Let’s imagine the following: we want to get a haircut because, due to the COVID-19 quarantine, we haven’t had a chance to go. The thing is that we have recently moved and do not know the quality of the services in the area, so we just go to the first place we find. We stand at the door and watch how they cut hair, and how people leave the store with their hair cut.

The phases of pentesting

I think a picture is worth a thousand words, so let’s take a look at the next one:

  • Information gathering and discovery: From here until the reporting phase, only the hacker has work to do. In this phase, the hacker will try to get as much information as possible about the servers to be attacked. It should be noted that this information can be public (on the Internet), but he can also ask the project for it or even use social engineering techniques to extract what he needs.
  • Vulnerability scanning: Cool. Now that he has all the information he needs about the systems, he moves on to examining them. In this phase, he will try to discover, using automated tools and his own knowledge, the vulnerabilities that exist in the systems.
  • Exploitation: When the hacker finds vulnerabilities, he must exploit them. That is to say, finding something is not the same as actually showing that this something (the vulnerability) is dangerous and really has an impact on the system. Vulnerabilities are often discovered that, because of the characteristics of the system, cannot be made active or useful to a hacker, so those vulnerabilities, although present, do not pose a direct threat to the system. This phase will also depend on what was agreed upon in the planning phase and on the limits of the pentest.
  • Reporting: Along with the planning phase, this is the most important phase of the pentesting process. In this phase, the hacker prepares a document with all the discoveries he has made (vulnerabilities, exploits…) and presents it to the project. If there are critical vulnerabilities, the project will have to fix them and then start the pentesting process again to validate the solutions provided.
  • END!
