In simple words, penetration testing is used to test the information security measures of a company. Information security measures entail a company's network, database, website, public-facing servers, security policies, and everything else specified by the client. At the end of the day, a pentester must present a detailed report of their findings such as weaknesses, vulnerabilities in the company's infrastructure, and the risk level of particular vulnerabilities, and provide solutions if possible.
Introducing the scope of pentesting
The need for pentesting
There are several points that describe the significance of pentesting:
- Pentesting identifies the threats that might expose the confidentiality of an organization
- Expert pentesting provides assurance to the organization with a complete and detailed assessment of organizational security
- Pentesting assesses the network's efficiency by producing a huge amount of traffic and scrutinizes the security of devices such as firewalls, routers, and switches
- Changing or upgrading the existing infrastructure of software, hardware, or network design might lead to vulnerabilities that can be detected by pentesting
- In today's world, potential threats are increasing significantly; pentesting is a proactive exercise to minimize the chances of being exploited
- Pentesting checks whether suitable security policies are actually being followed
Consider the example of a well-reputed e-commerce company that makes its money from an online business. A hacker or a group of black hat hackers finds a vulnerability in the company's website and hacks it. The loss the company will have to bear will be tremendous.
Components to be tested
An organization should conduct a risk assessment before pentesting; this will help identify the main threats, such as misconfigurations or vulnerabilities in:
- Routers, switches, or gateways
- Public-facing systems: websites, DMZ, email servers, and remote systems
- DNS, firewalls, proxy servers, FTP, and web servers
Testing should be performed on all hardware and software components of a network security system.
Qualities of a good pentester
The following points describe the qualities of a good pentester. They should:
- Choose a suitable set of tests and tools that balance cost and benefits
- Follow suitable procedures with proper planning and documentation
- Establish the scope for each penetration test, such as objectives, limitations, and the justification of procedures
- Be ready to show how to exploit the vulnerabilities that they find
- State the potential risks and findings clearly in the final report and provide methods to mitigate the risk(s) if possible
- Keep themselves updated at all times because technology is advancing rapidly
A pentester tests the network using manual techniques or the relevant tools. There are lots of tools available on the market; some are open source and some are highly expensive. With a little programming, a pentester can write their own tools. By creating your own tools, you deepen your understanding of the underlying concepts and can do more R&D. If you are interested in pentesting and want to write your own tools, the Python programming language is the best choice, since extensive and freely available pentesting packages exist for Python, in addition to its ease of programming. This simplicity, together with third-party libraries such as scapy and mechanize, reduces the code size. In Python, you don't need to define big classes, as you do in Java, to make a program. It is more productive to write code in Python than in C, and high-level libraries are readily available for virtually any imaginable task.
If you know some programming in Python and are interested in pentesting, this book is perfect for you.
Defining the scope of pentesting
Before we get into pentesting, the scope of pentesting should be defined. The following points should be taken into account while defining the scope:
- You should develop the scope of the project by consulting with the client. For example, if Bob (the client) wants to test the entire network infrastructure of the organization, then pentester Alice would define the scope of pentesting by taking this network into account. Alice will consult Bob on whether any sensitive or restricted areas should be included or not.
- You should take into account time, people, and money.
- You should profile the test boundaries on the basis of an agreement signed by the pentester and the client.
- Changes in business practice might affect the scope. For example, the addition of a subnet, new system component installations, the addition or modification of a web server, and so on, might change the scope of pentesting.
The scope of pentesting is defined in terms of two types of tests:
- A non-destructive test: This test is limited to finding vulnerabilities and carrying out tests that pose no potential risk to the system. It performs the following actions:
  - Scans the remote system and identifies potential vulnerabilities
  - Investigates and verifies the findings
  - Maps the vulnerabilities to suitable exploits
  - Exploits the remote system with proper care to avoid disruption
  - Provides a proof of concept
  - Does not attempt a Denial-of-Service (DoS) attack
- A destructive test: This test can produce risks. It performs the following actions:
  - Attempts a DoS attack and a buffer overflow attack, which have the potential to bring down the system
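The scope rules above (agreed networks, excluded sensitive areas, and the non-destructive versus destructive split) can be encoded so that a home-made tool refuses out-of-scope or unauthorized actions before running them. The following is an added example and not code from the book; the `Scope` class, the action names, and the network values are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Actions grouped the way the chapter groups test types (names are assumed, not standard).
NON_DESTRUCTIVE_ACTIONS = {"scan", "verify", "map_exploit", "careful_exploit", "poc"}
DESTRUCTIVE_ACTIONS = {"dos", "buffer_overflow"}


@dataclass
class Scope:
    """Scope agreed between pentester and client; all values are constructed examples."""
    networks: tuple            # CIDR blocks the client put in scope
    excluded: tuple            # sensitive hosts or subnets the client carved out
    destructive_allowed: bool  # whether the signed agreement permits destructive tests

    def _nets(self, cidrs):
        return [ipaddress.ip_network(c, strict=False) for c in cidrs]

    def host_in_scope(self, host: str) -> bool:
        """In scope if the host lies in an agreed network and in no excluded one."""
        addr = ipaddress.ip_address(host)
        if any(addr in net for net in self._nets(self.excluded)):
            return False
        return any(addr in net for net in self._nets(self.networks))

    def check_action(self, host: str, action: str):
        """Return (allowed, reason) for running `action` against `host` under this scope."""
        if not self.host_in_scope(host):
            return False, f"{host} is outside the agreed scope"
        if action in NON_DESTRUCTIVE_ACTIONS:
            return True, "non-destructive test permitted by scope"
        if action in DESTRUCTIVE_ACTIONS:
            if self.destructive_allowed:
                return True, "destructive test explicitly permitted in agreement"
            return False, f"{action} is destructive and not covered by the agreement"
        return False, f"unknown action {action!r}; refuse by default"


# Constructed example: Bob put 10.0.0.0/24 in scope but excluded the payroll host 10.0.0.50,
# and the agreement does not permit destructive tests.
BOB_SCOPE = Scope(networks=("10.0.0.0/24",), excluded=("10.0.0.50/32",),
                  destructive_allowed=False)

if __name__ == "__main__":
    for host, action in [("10.0.0.10", "scan"), ("10.0.0.50", "scan"),
                         ("10.0.0.10", "dos"), ("192.168.1.1", "poc")]:
        print(host, action, BOB_SCOPE.check_action(host, action))
```

A tool built on this would call `check_action` before every step, so that a change in business practice (a new subnet, a newly excluded host) is handled by editing the agreed `Scope` rather than the tool.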