Penetration Testing Theory

1. Definition of Penetration Testing

A penetration test is an authorized test in which personnel with information security knowledge and skills are engaged to simulate the attack methods of malicious hackers.

It is usually described as a method or activity that probes a system for exploitable vulnerabilities in order to assess the security of computer and network systems.

2. Assessment objects of penetration testing

Physical security, network security, application security, web security, operating system security, Docker (container) security, database security, business logic security, distributed system security, interface (API) security, client security, etc.

3. Classification of penetration testing

By testing method: black-box testing (the tester starts with no internal knowledge of the target), white-box testing (the tester has full knowledge, such as source code, architecture and credentials), gray-box testing (partial knowledge)
By whether the application is executed: dynamic testing (against the running application), static testing (of code and configuration without running it)
By test location: external network testing (from the internet, against the exposed perimeter), internal network (intranet) testing (from a position inside the network)

4. The significance of penetration testing

Security value is the basis of the other values (economic, business and technical value).
Through penetration testing, a company can identify its major vulnerabilities, prioritize their remediation, and schedule patch installation sensibly so that the system environment stays secure.
Avoiding security vulnerabilities means avoiding unnecessary losses: recovering from a breach often costs a company a great deal of money to remediate the damage to itself and its customers, and may even lead to lawsuits. Penetration testing reduces the likelihood of such problems, helps the company maintain a good corporate image, and earns greater trust.
A developer might say: I have already taken various measures to ensure security during development, so why do I need penetration testing?

  1. When testing a system they built themselves, developers tend to focus on the areas where they expect vulnerabilities to occur, and so miss hidden vulnerabilities outside those areas.
  2. Developers are usually not security specialists: they often lack professional security knowledge and are unfamiliar with common attack techniques, so they cannot test security-relevant scenarios fully and objectively.

5. Standardized process for penetration testing

  • Pre-engagement interaction: Communicate with the customer to agree on the goals, scope, schedule, methods, rules of engagement, report format, etc. of the penetration test, and obtain written authorization before any testing starts.
  • Intelligence gathering: Collect information about the target system through various means: domain names, IP addresses, open ports, service versions, operating system type, etc.
  • Threat modeling: Based on the results of intelligence gathering, analyze the likely threats to and attack surface of the target system, and draw up a penetration testing plan.
  • Vulnerability analysis: Use tools and manual methods to scan for and verify vulnerabilities in the target system, determining which ones are exploitable and where the attack points are.
  • Exploitation: Based on the vulnerability analysis, select appropriate attack techniques and tools and carry out actual attacks against the target system, within the agreed scope, to obtain access or data.
  • Post-exploitation: After gaining control of a target system, carry out further operations such as lateral movement or privilege escalation to extend the reach of the compromise and uncover deeper information.
  • Reporting: Based on the data and evidence recorded during the test, prepare a detailed penetration testing report with relevant, appropriate remediation suggestions.
    For more detailed procedures, please refer to: http://www.pentest-standard.org/index.php/Main_Page
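The intelligence-gathering step in the process above (open ports, service versions, operating system type) is the first one that turns into code. The following Python script is an added example and is not part of the original page or of the PTES material it links to: it resolves a host, TCP-connects to each port in a list, reads the service banner, parses OpenSSH-style banners into product, version and OS hint, and emits one report line per open service in the shape a later vulnerability-analysis or reporting step would consume. So that it runs offline, it scans a constructed fake service on 127.0.0.1 that replies with a made-up banner (DEMO_BANNER); the host, ports, banner and all function names are assumptions for the demonstration, not values from the page. Point it at anything other than your own listener only with written authorization from the owner.

```python
import re
import socket
import threading
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed banner for the demo; it is not captured from any real host.
DEMO_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4\r\n"

# OpenSSH-style identification string: "SSH-<proto>-<product>_<version> [<os comment>]"
SSH_BANNER = re.compile(
    r"^SSH-(?P<proto>[\d.]+)-(?P<product>[A-Za-z]+)_(?P<version>\S+)(?:\s+(?P<os>\S+))?"
)


@dataclass
class Finding:
    """One open service, recorded with the evidence (banner) the report will cite."""
    host: str
    port: int
    banner: str
    product: Optional[str] = None
    version: Optional[str] = None
    os_hint: Optional[str] = None


def parse_banner(banner: str) -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """Extract (product, version, os hint) from an SSH banner; other formats yield Nones."""
    m = SSH_BANNER.match(banner)
    if not m:
        return None, None, None
    return m.group("product"), m.group("version"), m.group("os")


def grab_banner(host: str, port: int, timeout: float = 1.0) -> Optional[str]:
    """TCP-connect to host:port and read whatever the service sends first.

    Returns None when the port is closed or filtered (refused / timed out) and an
    empty string when the port is open but the service waits for the client to speak.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except socket.timeout:
                data = b""
    except OSError:
        return None
    return data.decode("latin-1", "replace").strip()


def scan(host: str, ports: List[int], timeout: float = 1.0) -> List[Finding]:
    """Resolve the host, probe each port and record a Finding for every open one."""
    ip = socket.gethostbyname(host)
    findings: List[Finding] = []
    for port in ports:
        banner = grab_banner(ip, port, timeout)
        if banner is None:
            continue
        product, version, os_hint = parse_banner(banner)
        findings.append(Finding(ip, port, banner, product, version, os_hint))
    return findings


def report_rows(findings: List[Finding]) -> List[str]:
    """Render findings one per line, as a report appendix might list enumerated services."""
    rows = []
    for f in findings:
        svc = f.product or "unknown"
        if f.version:
            svc += " " + f.version
        rows.append(f"{f.host}:{f.port} {svc} (os: {f.os_hint or 'unknown'}) banner={f.banner!r}")
    return rows


def start_fake_service(banner: bytes = DEMO_BANNER) -> Tuple[socket.socket, int]:
    """Constructed stand-in for a real daemon (assumption, not a real target): listens on
    127.0.0.1 on an ephemeral port and sends `banner` to each client. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listening socket shut down
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def stop_fake_service(srv: socket.socket) -> None:
    """Wake the blocked accept() so the serving thread exits, then release the port."""
    try:
        srv.shutdown(socket.SHUT_RDWR)
    except OSError:
        pass
    srv.close()


def unused_port() -> int:
    """Bind and release an ephemeral port: a port that is (almost certainly) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, open_port = start_fake_service()
    try:
        # The closed port produces no finding; the fake service produces one.
        for row in report_rows(scan("127.0.0.1", [unused_port(), open_port])):
            print(row)
    finally:
        stop_fake_service(srv)
```

Two caveats a practitioner would add: a full TCP connect on every port is slow and noisy compared with a dedicated scanner, and a banner is only a claim by the service (it can be edited or absent), so the version recorded here is a lead for the vulnerability-analysis step to verify, not a confirmed vulnerability.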