Penetration testing, also known as pen testing, is an authorized attack on a computer system that is done to evaluate the security of the system/network. The test is performed to identify vulnerabilities and the risks they pose. A typical penetration test is a five-stage process that identifies the target systems, their vulnerabilities, and the exploitability of each vulnerability. The goal is to find as many vulnerabilities as possible and report back in a universally acceptable format for the client to understand. Let's look at the different types of penetration testing in the next section.

Depending upon the client's requirement, penetration tests can be categorized into three types:

• White box
• Black box
• Gray box

We will discuss each of these in the following sections.

A white box penetration test, or a glass box or clear box penetration test, is a type of test in which the information and details regarding the target system, network, or application are fully shared by the client, such as the login credentials of the systems, the SSH/Telnet login for the network devices, and the application source code that needs to be tested. Since the information retrieved from the client regarding their system, network, or application is highly sensitive, it is recommended...

To have a better understanding of penetration testing, let's go through the stages of the process:

• Stage 1: Reconnaissance
• Stage 2: Enumeration
• Stage 3: Vulnerability assessment and analysis
• Stage 4: Exploitation (includes the post-exploitation period)
• Stage 5: Reporting

This can be seen in the following diagram:

Each and every stage has its own set of tools and techniques that can be used to perform the testing efficiently.

Reconnaissance is the very first stage of performing a penetration test. In this stage, a pen tester will try to identify the system or application in question and find as much information as they can about it. This is the...

Now that we are familiar with the standards, let's now cover the important terminology that we will be using a lot in the upcoming chapters:

• Vulnerability: A weakness in a system that may allow an attacker to gain unauthorized access to it.
• Spoofing: A situation where an individual or program successfully masks data as something else in order to obtain an unlawful advantage.
• Exploit: A piece of code, a program, a method, or a sequence of commands that takes advantage of a vulnerability to gain unauthorized access to a system/application.
• Payload: The actual code that is executed on the system after/during exploitation to perform the desired task.
• Risk: Anything that can affect the confidentiality, integrity, and availability of data. Unpatched software, misconfigured servers, unsafe internet surfing habits, and so on all contribute to risk.
• Threat...

As we all know, there are no official penetration testing standards defined; however, our security community has introduced a few standards for all security personnel to follow. Some of the commonly known standards are the Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), and the Information Systems Security Assessment Framework (ISSAF). Most of them follow the same methodology, but their phases have been named differently. We will take a look at each of them in the following sections and cover PTES in detail.

The definition of the OSSTMM is mentioned on their official website...

In this section, we will talk about the Common Weakness Enumeration (CWE). The CWE is a universal online dictionary of weaknesses that have been found in computer software. In this section, we will cover two well-known CWEs—the OWASP Top 10 and the SANS Top 25.

Open Web Application Security Project (OWASP) is an organization that provides computer and internet applications with impartial, realistic, and cost-effective information.

The current list for 2020 contains the following bugs:

• Injection
• Broken authentication
• Sensitive data exposure
• XML external entities (XXE)

• Broken access control
• Security misconfigurations
• Cross-site scripting (XSS)
• Insecure deserialization
...

In this chapter, we started with the introduction to penetration testing and its types and stages. We covered the pen testing methodologies and life cycle and we looked at some important terminology. Then, we looked at the OWASP Top 10 and SANS Top 25.

In the next chapter, we will learn about the essentials of Metasploit including the Metasploit framework, installation, and setup.

1. Is there a database that maintains the Common Weakness Enumeration (CWE) list?

2. Where can I find the OWASP Top 10 and SANS Top 25 lists?

3. Are the tools required to perform a penetration test free?

4. How do the OSSTMM- and PTES-based penetration tests differ?

• The Institute for Security and Open Methodologies (ISECOM): http://www.isecom.org/
• The pen test standard website: http://www.pentest-standard.org/index.php/Main_Page