What is information gathering?
Information gathering is the first step toward the actual assessment. Before targets are scanned using vulnerability scanners, testers should know more details about the assets in the scope of the testing. This will help the testing team to prioritize assets for scanning.
Importance of information gathering
"Give me six hours to chop down a tree and I will spend the first four sharpening the axe."
This is a very old and famous quote by Abraham Lincoln. The same applies to the amount of time spent in gathering as much information as possible prior to performing any security assessment. Unless, and until, you know your target inside and out, you will never succeed in performing its security assessment. It's crucial to have a 360-degree view of the target and gather all possible information about it through all available sources.
Once you are confident that you have gathered enough information, then you can very effectively plan the actual assessment. Information...