Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Penetration Testing Bootcamp

You're reading from   Penetration Testing Bootcamp Quickly get up and running with pentesting techniques

Arrow left icon
Product type Paperback
Published in Jun 2017
Publisher Packt
ISBN-13 9781787288744
Length 258 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Jason Beltrame Jason Beltrame
Author Profile Icon Jason Beltrame
Jason Beltrame
Arrow right icon
View More author details
Toc

Table of Contents (11) Chapters Close

Preface 1. Planning and Preparation FREE CHAPTER 2. Information Gathering 3. Setting up and maintaining the Command and Control Server 4. Vulnerability Scanning and Metasploit 5. Traffic Sniffing and Spoofing 6. Password-based Attacks 7. Attacks on the Network Infrastructure 8. Web Application Attacks 9. Cleaning Up and Getting Out 10. Writing Up the Penetration Testing Report

Why does penetration testing take place?

There are many reasons why penetration tests are necessary. Sometimes, a company may want to have a stronger understanding of their security footprint. Sometimes, they may have a compliance requirement that they have to meet. Either way, understanding why penetration testing is necessary will help you understand the goal of the company. Plus, it will also let you know whether you are performing an internal penetration test or an external penetration test. External penetration tests will follow the flow of an external user and see what they have access to, and what they can do with that access.

Internal penetration tests are designed to test internal systems, so typically, the penetration box will have full access to that environment, being able to test all software and systems for known vulnerabilities. Since tests have different objectives, we need to treat them differently; therefore, our tools and methodologies will be different.

Understanding the engagement

One of the first tasks you need to complete prior to starting a penetration test is to have a meeting with the stakeholders and discuss various data points concerning the upcoming penetration test. This meeting could involve you as an external entity performing a penetration test for a client, or as an internal security employee doing the test for your own company. The important element here is that the meeting should happen either way, and the same type of information needs to be discussed.

During the scoping meeting, the goal is to discuss various items of the penetration test so that you have not only everything you need, but also full management buy-in with clearly defined objectives and deliverables. Full management buy-in is a key component for a successful penetration test. Without it, you may have trouble getting the required information from certain teams, or there may be scope creep, or general pushback.

You have been reading a chapter from
Penetration Testing Bootcamp
Published in: Jun 2017
Publisher: Packt
ISBN-13: 9781787288744
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image