Penetration testing may be complicated, but conceptually it is simple to understand. Basically, pen testing is the act of hacking a system to better understand its security weaknesses. In doing so, an organization gains the information needed to begin strengthening or repairing its system(s). This infographic is designed to provide an overview of the penetration testing process, offering a simplified glimpse into a complex process.
Armed with intel gathered from social engineering and vulnerability scanning, the penetration tester begins bombarding the web application (or infrastructure or wireless system) with hacking attempts.
Throughout the penetration test, information is gathered and risks are identified.
The results of the penetration test are prioritized and compiled in an executive report. Risks are labeled and described, and a proposed solution is provided.
The report is used by the IT team to guide the subsequent risk mitigation process. At this time, IT staff members and developers work to resolve high- and moderate-risk findings.
Following the attempt to fix the issues found in an external test, the penetration tester will validate remediation efforts. This process will confirm whether or not the remediation was successful.
- Validated Input
- Secure Authentication
- Correct Security Configuration