DEV Community

jimenezfede

Penetration Testing

Also known as pen testing or ethical hacking, penetration testing is a way to test the security of a website, web app, or computer. These tests are categorized as whitebox, blackbox, and graybox. Whitebox is when the tester is given additional information on the target other than the basic information. Blackbox is when the tester is only given the basic information on the target. And graybox is a mixture of both whitebox and blackbox. There are five steps to this process: planning, scanning, gaining access, maintaining access, and the report.

The first step is planning. This step is where the tester and the client discuss the test: how much information the tester is given, the goal of the test, and how the test will be executed.

The second step is scanning. This process is for the tester to gather more information on the target, outside of the information that was already given to the tester. A way to do this is by using nmap to investigate the web server ports.

The third step is gaining access. From the information gathered, the tester can start to exploit vulnerabilities. This can be done by using Metasploit. Metasploit is a platform that has many tools to use to attack a target. Then, once in, the tester can try to ‘break things’ by making the code do something other than what's expected of it, or the tester could try to gather secured information. But it is very important that the tester stays within the terms agreed upon with the client in the planning step.
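
Staying within the agreed terms can be enforced mechanically by checking every target against the scope from the planning step before any tool is pointed at it. The following is an added example, not code from the original post; the scope format, the addresses (documentation ranges), the test window and the function names are all assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed rules of engagement, as they might be written down in the planning step.
SCOPE = {
    "in_scope": ["192.0.2.0/24", "198.51.100.10/32"],
    "excluded": ["192.0.2.50/32"],  # e.g. a fragile production host
    "window_start": "2024-01-15T20:00:00+00:00",
    "window_end": "2024-01-16T04:00:00+00:00",
}


def check_target(target, when, scope=SCOPE):
    """Return (allowed, reason) for one target at a given time."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Hostnames can resolve to out-of-scope addresses; resolve and confirm first.
        return False, "not an IP address"
    if when.tzinfo is None:
        return False, "timestamp must be timezone-aware"
    start = datetime.fromisoformat(scope["window_start"])
    end = datetime.fromisoformat(scope["window_end"])
    if not start <= when <= end:
        return False, "outside agreed test window"
    # Exclusions win over inclusions.
    if any(addr in ipaddress.ip_network(n) for n in scope["excluded"]):
        return False, "explicitly excluded"
    if any(addr in ipaddress.ip_network(n) for n in scope["in_scope"]):
        return True, "in scope"
    return False, "not listed in scope"


def filter_targets(targets, when, scope=SCOPE):
    """Split targets into an allowed list and a {target: reason} map of rejections."""
    allowed, rejected = [], {}
    for t in targets:
        ok, reason = check_target(t, when, scope)
        if ok:
            allowed.append(t)
        else:
            rejected[t] = reason
    return allowed, rejected


if __name__ == "__main__":
    now = datetime(2024, 1, 15, 22, 0, tzinfo=timezone.utc)
    ok, bad = filter_targets(["192.0.2.7", "192.0.2.50", "203.0.113.5"], now)
    print("allowed:", ok)
    print("rejected:", bad)
```

The rejected map doubles as a record for the report of what was deliberately left untouched and why.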

The fourth step is maintaining access. This is done by remaining undetected, keeping a record of how the tester was able to gain access, and erasing any trace of his presence.

The final step is the report. The report consists of the vulnerabilities, the information that was accessed, and the amount of time the tester was able to do it without being detected. Once the client is given the report and made aware of his vulnerabilities, changes can be made to strengthen the security.

Penetration testing is one of many fields in cyber security. Tryhackme.com is a great way to learn and practice hacking. Having a general knowledge of the command line and being able to read code is essential for this field. It also helps to learn about the different kinds of attacks, like SQLI, XSS, and LFI.
