Penetration Testing Stages

Penetration Testing, commonly known as Pen Testing, is essentially an ethical form of hacking, conducted with the full approval of the customer, with the intention of testing your network for vulnerabilities and threats which, if left untreated, could leave you vulnerable to hackers. Today’s post will provide you with an insight into the penetration testing stages.

The 7 Stages:

When we discuss Penetration Testing, we more commonly tell you the justifications for conducting it (those can be found here). However, you may never have been made aware of what happens during a Penetration Test, or that there are several stages to a complete Penetration Test.

Planning:

The planning stage will include an initial phone call or meeting between Data Installation & Supplies and the customer.

Within this meeting we will determine your public IP address range or ranges, discuss the scope of the Penetration Test with you, and agree a convenient date and time for the test to take place.

You are required to provide us with signed permission before the Penetration Test can be carried out, because the test involves ethically hacking your network to try to gain access and determine where your vulnerabilities lie.

It’s also important to tell you that the Penetration Test will be conducted by an individual with no knowledge of your networks, so their first experience of your website will be upon beginning the Penetration Test.

Scanning:

The scanning element is the first part of the actual Penetration Test.

This stage includes an initial port scan of the IP Addresses agreed in the Planning phase.

Gain & Maintain Access:

This stage is where we access your network to uncover your vulnerabilities, followed by more in-depth testing of the visible ports associated with the IP addresses, to identify what can be seen on those ports and which vulnerabilities potential hackers could exploit.

Analysis:

Upon completion of the Penetration Test, an in-depth analysis will be compiled into a report.

The report will contain a list of any vulnerabilities that have been identified which could pose a risk or threat of being hacked. Furthermore, the report will include details of your data which could be compromised by a cyber-criminal.

Feedback:

A report call will be scheduled where we will both present the report to you and discuss the findings.

We will answer any questions and advise on the most appropriate remediations that should be carried out to secure your network, based on the recommendations from the Penetration Test.

Solutions:

This is the stage where any vulnerabilities identified are remediated. This can be completed either by us or internally by your own IT employees.

It should be noted that without implementing the recommendations your network is still vulnerable.

Result:

Upon completion of the recommendations, you will benefit from tighter security. However, it is important to understand that a Penetration Test shouldn’t be a one-off solution.

Depending on the nature of your business, the frequency of conducting Penetration Tests may be dictated by your company policy. If you make regular firewall changes throughout the year, we would recommend Penetration Tests being carried out at 3-6 month intervals.

However, if very little changes, annual Penetration Tests should be adequate.

We hope this guide to what happens at each stage of the Penetration Test has been both useful and informative for you.

If you would like any further information or would like to discuss booking a Penetration Test then please don’t hesitate to contact Data Installation & Supplies on 01274 869 099 or info@disnorth.com.