Securing IT infrastructure and customer data for any organization is of paramount importance; information security programs ensure reliable, uninterruptible, and safe operation of any system. Information security is a broad domain and can be divided into several categories for efficiency and expertise, such as web application security, mobile application security, and network security.

Each category has its own background requirements, for example, a developer can become a good web application tester, a mobile application developer can have a better hang on Mobile application security, Network and system administrators can become Network/System/DevOps security engineers. It is not necessary to be having prior knowledge but one needs to know a good know how of the domain they are performing security assessment for.

In this chapter, we will learn about the penetration testing methodology. We will list all the things you should take care of before commencing a penetration test. You should have clear answers to questions such as what is a penetration test? how is it different from vulnerability assessment? why should we as an organization do penetration testing? and who should do the penetration testing-the internal team or an external vendor who specializes in security assessment?