What does an effective penetration test consist of: Introduction
To find the weak points and improve the defences of the organisation, a penetration test is designed to simulate the behaviour of both internal and external cyber threats. There are several methods and techniques to use during a penetration test. To do an effective penetration test, Vulnerability scanning is necessary as it will help in the identification of vulnerabilities within the structures of the company. With the result of the penetration test, we can take appropriate measures to strengthen and remediate the vulnerabilities to safeguard the infrastructure from the future attacks.
What does an effective penetration test consist of: Stages of Penetration Testing
1. Planning and Preparation
To have an effective penetration test, planning is an important step which is needed for success. Everything needs to be pen down such as the goals of the penetration test, the scope of the penetration test etc. We have to align our expectation that what we need to get out of the penetration test such as :
- What kind of penetration test does the organisation want? Does it want an internal penetration test which will be conducted from inside the organisation or does it want an external penetration test which will be simulated from outside the organisation?
- Do we need to inform the SOC (Security Operations) Team that a penetration test is being conducted or will we conduct the penetration testing without their knowledge which will make them think that it is a real attack to check their incident response strategy?
- What kind of data should be shared with the penetration testers to make it an effective penetration test?
Once the goals and scope of the penetration test have been established, the penetration testers will start the work. In the discovery phase, the team will carry out different types of reconnaissance on the target or the client. More information can be gathered by the Internet Protocol (IP) addresses, their firewall rules, details about their network infrastructure etc. With the tools such as the Harvester, the penetration testers can get the email details which will aid them a lot during the penetration testing process. Once the emails have been discovered, they can send the phishing emails to get the credentials of the domain accounts and the privileged accounts to break into the environment without creating any suspicion. To make it an effective penetration test, the testers should look for the weakness while they are doing footprinting which involves the collecting of the information of the endpoints, devices, network infrastructure etc. which will help them in penetration testing.
Since the penetration testers now have detailed information about their target, they can now exploit the weakened and the vulnerabilities to create an entry path into the network. The penetration testers will make an effort to enter the target through the discovered entry points in the discovery phase. Once the team break into the system and the network, they need to escalate the privileges to maintain the access of the system. With privilege escalation, the penetration testers can identify the areas which are holding sensitive information such as the client data, usernames and passwords etc. If the devices such as mobiles, IoT devices, CCTV, etc. are connected to the network then the penetration testers can also attack them.
4. Analysis and Reporting
The penetration testers should keep a note of each and everything about the process and the techniques which they are following in the discovery and the exploitation stage. All the details will be included in the report with analysis of the vulnerabilities found on the network and on the endpoints, all the critical information acquired etc. The penetration testing teams will also give the remediations based on criticality of the vulnerabilities to resolve them as soon as possible.
When the real time attack happens on the network infrastructure of the organisation, most of the time the attackers leave the footprints. It’s a delicate task for the incident response team to go through all the logs and trace any suspicious events. The organisation needs to fix all the weakness and the vulnerabilities to enhance their security. The organisation can invest in privilege access solution, invest in SIEM solution to improve security. If the penetration testing is not able to break into the system despite the vulnerabilities or did not give any remediations for the vulnerabilities, then it is not an effective penetration test.
Penetration testing should be done continuously as the technology is growing exponentially and the vulnerabilities can be found at any point of time in the application or in the infrastructure of the organisation. The popular belief that we are safe and cannot be hacked is the biggest mistake that an organisation can do. If they did all the remediations based on the previous penetration test report, they should do the penetration test again to cross check the remediations are effective or not. Penetration testing should be followed by the organisation as an iterative approach since the cyber threats are evolving and the security breaches can happen any time to any organisation. 
What does an effective penetration test consist of: Tools for Penetration Testing
There are many tools which the penetration tester can use to make the normal penetration testing process an effective penetration process. Following are the tools :
SonarQube is an open source software with static analysis of code which helps to inspect the quality of code, detect the bugs in the code, get the code smells and detect any security vulnerability.
Zmap is an open source network scanner just like Nmap. With Zmap, the penetration tester can scan the entire network with the IP address of the devices. With the help of Zmap, the penetration testers can also scan the IoT devices, discover the vulnerabilities and their impact.
Hashcat is among one of the best tools available for password recovery. It uses many different techniques such as brute force attack, dictionary attack, combination etc. are used in the penetration test.
John the Ripper
John the Ripper is a penetration testing tool which exposes the weak passwords of the devices within a short period. Initially, John the Ripper was developed for UNIX systems only, but with the time now it can run on 14 different platforms as well.
What does an effective penetration test consist of: Advantages of Penetration Testing
Following are the advantages of penetration testing:
The penetration tester will help in the identification of the weakness and the vulnerabilities of the network infrastructure of the organisation. The penetration tester can also teach the staff about actions which can lead to the data breaches such as the opening of the phishing emails etc.
Depicts Real Risk
When the identified vulnerabilities are exploited by the penetration tester then the real risk faced by the organisation is disclosed. If the attack was done in real time, then all the data and the critical information would have been leaked till now and it would have been late for the organisation to increase the security. After the breach, the organisation increases security, but it is always better to be prepared beforehand.
Assure Business Flow
The penetration test assures that the organisation’s infrastructure health is in good condition and it can survive the cyber attack and the data will be safe. All the servers are up and running providing the continuity to the business and its clients.
What does an effective penetration test consist of: Disadvantages of Penetration Testing
Following are the disadvantages of penetration testing:
- Damage Creation
Most of the time the penetration test is being carried on live servers and machines. If the penetration tester is not experienced or does not do it properly, then it can crash the servers, lead to corruption of data etc., creating damage which sometimes cannot be fixed.
- Realistic Test Conditions
The penetration tester will try to be as realistic as possible, as the employees need to also create the incident response plan for the real time cyber attack. If the organisation is not giving the real scenario or the details of the organisation then the result of the penetration test will be misleading.
- Trusting Third Party Vendor
Choosing a person or a contractor to do the penetration test for the organisation can be a risky task as the person will be breaking into the organisation infrastructure and will have access to the critical information which can be taken and published anywhere, or the penetration tester can even blackmail the organisation about its secrets. So, it is very necessary to hire a trustworthy penetration tester.
What does an effective penetration test consist of: Conclusion
Penetration testing process is ethical hacking in which the penetration testers try to break into the system of the with the legal permission from the organisation to find the weakness and the vulnerabilities in the system. The aim is to discover the vulnerabilities and provide the remediation to keep the organisation secure from the hackers. The effective penetration test will involve the using of manual tools as well as automated tools to gather information. Though there are advantages and disadvantages for doing the penetration test, it is recommended that the organisations should be regularly doing a penetration test as it is a good habit to be safe from the cyber attacks.