Читать книгу Web Penetration Testing - Radhi Shatob - Страница 12

Penetration test consists of five phases:

 Reconnaissance Phase: Passive information gathering of preliminary data or intelligence of a target system, the data is gathered in order to plan attack.

 Scanning Phase requires the application of technical tools to gather further intelligence on target system but in this case the data gathered is about the systems that customer have in the place, a good example is the use of vulnerability scanner on a target network.

 Exploitation and Post exploitation Phase: This phase also known as gaining access, it requires taking control of one or more network devices in order to either extract data from the target or to use that device to launch attacks on other targets. The purpose of the post exploitation phase is to determine the value of the machine compromised and maintain control for later use. The value of the machine is determined by the sensitivity of the data stored on it and the machines usefulness in further compromising the network.

 Covering Tracks phase: simply means that the attacker must take steps necessary to remove all trace of detection, any changes that were made, escalation of a privilege, etc. all must return to state of no recognition by the host and network administrators.

 Reporting Phase: Reporting is the prove of Pen-tester actions during the Pen-test, it is where the Pen-tester going to report the finding and share recommendations to remediate the vulnerabilities and weaknesses.