Penetration Testing

Home  /  

Penetration Testing

Penetration testing is a security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a computer system. The purpose of this simulated attack is to identify any weak spots in a system’s defenses which attackers could take advantage of.

While attackers work target-oriented in an attack attempt,  cyber-security experts are required to check all scopes and perform their tests by obtaining legal authorization from the relevant service recipient.

Penetration Testing

Please contact us for detailed information and support about penetration testing.

Penetration Testing Stages

The penatration testing process can be broken down into three stages.

These stages are: planning and preparation, implementation and reporting.

Planning and Preparation Phase

At this stage, information such as the test method, tools, scope, how long the test will be completed, what will be tested are explained. The Plan is created and the goal is determined.

Implementation Phase

This stage is divided into seven within itself.

Information Gathering: Passive / active methods are used to collect information about the target system.

Scanning: The information gathered is used to perform discovery activities to determine things like ports and services that were available for targeted hosts, or subdomains, available for web applications. Vulnerabilities are detected with the information obtained.

Gaining Access: By using the data collected during the information gathering and scanning stages, the necessary research and planning is carried out to benefit from the targeted system and to exploit the found vulnerability.

Maintaining Access: Steps are taken to ensure a permanent stay in the target system to collect as much data as possible from the target.

Attack / Penetration / Privilege Escalation: Prepared payloads or exploits are run on the target system. The function of the exploit being run on the system and its effect on other systems are examined. The required privilege escalation or lateral movements are performed.

Vulnerability Scan: In this section,  vulnerabilities in the system are try to find. These steps are performed again for each vulnerability found.

Clean Up the Tested Environment: Once the penetration testing recommendations are complete, the tester should clean up the environment, reconfigure any access he/she obtained to penetrate the environment, and prevent future unauthorized access into the system through whatever means necessary.

Reporting Phase

A summary of the transactions applied in the previous stage is made. Measures that can be taken to eliminate possible vulnerabilities and risks, which systems may be affected and their effects are reported.

Gais Security
Gais Security

Gais Cyber Security Technologies is at your side with its expert team. Call us for detailed information.