
What is penetration testing? | Lifecycle & types of Penetration Testing

Introduction

Penetration Testing is also known as Pen-Testing or Ethical Hacking. It is a profession in which one hacks "legally", documents the findings and methodology, and submits them to the authorities that sanctioned the test.

There are many methodologies and frameworks that pentesters use for their testing; for the sake of simplicity we will stick to a generic approach. Before diving into that, let us see what types of penetration testing exist.

● Network Penetration Testing (Ethernet & Wireless)

● Web Application Penetration Testing

● Mobile Penetration Testing

● IoT (Internet of Things) Penetration Testing

● Cloud Penetration Testing

Lifecycle of a Penetration Test

The lifecycle or the flow of a penetration test goes as follows:

● Engagement

● Information Gathering/OSINT

● Footprinting & Scanning

● Vulnerability Assessment

● Exploitation

● Reporting

Engagement generally involves two parties: the tester and the company/business sanctioning the test. It consists of agreeing on policies and documents such as an NDA (Non-Disclosure Agreement), the scope of the test, restrictions, etc.

Information gathering is a very important stage, and every penetration tester should take their time here. Information can be gathered passively as well as actively. Passive information gathering can be done via OSINT (Open Source Intelligence), which consists of using publicly available information to your benefit. Active information gathering refers to obtaining information from the business itself: from its site, company grounds, the number of security cameras in the vicinity, etc.

Footprinting or scanning, also referred to as banner grabbing, is when we scan the system, website, or premises for everything of interest. For example, the nmap tool is used to scan the network for open ports, running services, etc. We see how the architecture is built and what all the entry points are.
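The scanning stage produces a list of open ports and services per host, and the practical question for the next stage is which of those are entry points nobody expected. The following added example (not code from the original article) parses nmap's grepable output format (`-oG`) and compares it against a per-host allow-list of expected ports. The scan text and the baseline are constructed sample data; `parse_grepable`, `unexpected_services` and `EXPECTED_PORTS` are names chosen for this illustration.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample of nmap "grepable" (-oG) output for a lab range.
# Hand-written for illustration; it is not the output of a real scan.
SAMPLE_GREPABLE = """\
# Nmap 7.93 scan initiated as: nmap -sV -oG - 192.0.2.0/29
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.22/, 3306/open/tcp//mysql//MySQL 8.0/\tIgnored State: closed (997)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 443/open/tcp//https//Apache httpd/, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (998)
# Nmap done -- 2 IP addresses (2 hosts up) scanned
"""

# One open port: (port, protocol, service name, version string)
OpenPort = Tuple[int, str, str, str]


def parse_grepable(text: str) -> Dict[str, List[OpenPort]]:
    """Parse -oG output into {host: [open ports]}.

    Each "Ports:" entry has the form
    port/state/protocol/owner/service/rpcinfo/version. Only ports in the
    "open" state are kept, since those are the entry points worth assessing.
    """
    hosts: Dict[str, List[OpenPort]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")          # tab-separated sections per host line
        host = fields[0].split()[1]        # "Host: 192.0.2.10 ()" -> "192.0.2.10"
        hosts.setdefault(host, [])
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/", 6)
                if len(parts) != 7:
                    continue               # malformed entry; ignore rather than guess
                port, state, proto, _owner, service, _rpc, version = parts
                if state == "open":
                    hosts[host].append((int(port), proto, service, version.rstrip("/")))
    return hosts


def unexpected_services(hosts: Dict[str, List[OpenPort]],
                        baseline: Dict[str, Set[int]]) -> List[Tuple[str, int, str]]:
    """Compare open ports with a per-host allow-list of expected ports.

    Anything not in the baseline is a candidate entry point that the
    vulnerability-assessment stage should look at first.
    """
    findings = []
    for host, ports in sorted(hosts.items()):
        allowed = baseline.get(host, set())
        for port, _proto, service, _version in ports:
            if port not in allowed:
                findings.append((host, port, service))
    return findings


# Constructed baseline: which ports each lab host is expected to expose.
EXPECTED_PORTS = {"192.0.2.10": {22, 80}, "192.0.2.11": {443}}

if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_GREPABLE)
    for host, ports in scan.items():
        print(host, ports)
    for host, port, service in unexpected_services(scan, EXPECTED_PORTS):
        print(f"unexpected: {host}:{port} ({service})")
```

On the sample data the only finding is the MySQL service on 192.0.2.10, which the baseline did not list; the filtered port 8080 on the second host is not reported because it is not open. Feeding a real `nmap -oG` file into `parse_grepable` works the same way, as long as the owner field is empty (as it is unless nmap was run with identd lookups).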

Vulnerability assessment is the stage where we try to find the possible vulnerabilities that could be triggered through the entry points found in the previous step. We list the vulnerabilities and assess them based on their risk level; for example, an SQLi vulnerability has a higher risk score than a sensitive-information leak.

Exploitation is the phase where we try to exploit a vulnerability and access whatever that vulnerability exposes. For example, an SQLi vulnerability can be exploited to get sensitive data from the database; it could be passwords or sensitive information like credit-card details.

Reporting is very important: the report should be precise so that the company/business can patch its systems and be secure. Reports usually contain POCs (proofs of concept), the vulnerability assessment document, and notes on how to mitigate these problems.

Let us have a brief look at the domains discussed earlier.

Network Penetration Testing

Computer networks are the basic building blocks of any technology or organization. Without networks, our computers and the internet would cease to exist, and this would dramatically affect the information exchange between countries and people. It is therefore necessary to secure our networks.

Hackers often target networks because they can pivot within the network and find loads of important, private data belonging to employees and the company. The role of network penetration testers is to stop this from happening. They see to it that server rooms are secured and only essential personnel are allowed in, and that firewalls, IDS, and IPS are installed. Honeypots, if necessary, are also set up so that if any hacker targets the company, they would not get any data out of it.

In this decade the rise of wireless networks has been massive; every home and organization has them installed for convenience. The standard used now for wireless security is WPA3; before it came WPA2, WPA, and WEP, which are quite easy to hack. WEP is the easiest to crack. Wireless testing is also conducted by the NPT (Network Penetration Tester).

Web Application Penetration Testing

Web application penetration testing is also known as WAPT. These testers are the most in demand in the industry right now. Nearly every piece of information there is comes to us in the form of a website. A website is built upon many technologies such as Node.js, React.js, Java, HTML, etc., and there is a database connected to the website for fetching content, like MySQL, MongoDB, etc.

Securing web applications also comes with its own challenges. As you are aware, the pool of technologies used in making websites is vast, so these testers/ethical hackers should be aware of these technologies too. They find vulnerabilities in the website and report them to its owners so that they can patch the system. The vulnerabilities are mostly from the OWASP Top 10, but many vulnerabilities exist outside of this framework.

OWASP Top 10

[Image not reproduced here: the OWASP Top 10:2021 list]

The list was last updated in 2021, and the image shows the latest Top 10. Source: OWASP Top 10:2021.

Mobile Penetration Testing

Mobiles/smartphones have taken over human life immensely. The number of applications being developed for smartphones is large, and the current volume of applications is also enormous.

There are two main platforms or OSes on which MPT (Mobile Penetration Testing) tests applications.

  1. Android
  2. Apple iOS

The methodologies differ when it comes to pen-testing applications built for these two platforms.

Cloud Penetration Testing

The evolution of technology gave birth to cloud platforms, which means organizations no longer have to maintain their own server rooms; they can outsource that hassle to companies like Amazon, Google, Microsoft, IBM, etc.

Cloud platforms have their own data centers, which are rented to us so that we can host our applications on them. The use of cloud platforms is financially beneficial to any organization because the cost of the resources used follows a pay-as-you-go model, meaning we only pay for the resources we use.

Most small organizations have shifted their work to the cloud, so many websites are now hosted on cloud platforms, and it is necessary to secure them. There are services offered to make sure that your infrastructure is secure, but not all of the responsibility lies with the cloud providers. That is why we need CPT (Cloud Penetration Testing).

IoT (Internet of Things) Penetration Testing

IoT means connecting every non-living thing to the internet, though this definition is still debated. Elaborating on it: everything should be smart, like smart homes, smart LED lights, smart cars, and much more.

These devices are made smart by attaching microprocessors or designing custom boards for processing, and sometimes issues arise from this. Securing them is also a challenge, because one should know architectures, microprocessors, and how boards are designed in order to exploit them.

IoT hacking/penetration testing is still new, and many developments are still being made in this domain. I think this is the future of hacking. There have been many demonstrations of smart cars being hacked at DEF CON. IoT penetration testers make sure that your IoT devices are secure.

Why should businesses perform Penetration Tests?

Penetration tests can be viewed with skepticism at first, but they are very helpful for businesses. During and after the COVID-19 pandemic, many data breaches made the headlines, and companies started investing in their security posture to make sure that did not happen to them. If your data is compromised, that means client data is breached, and you cannot have that.

Penetration test frequency is decided based on the company's requirements and size. Big companies like Amazon, Meta, Dell, etc. need these tests conducted on a daily basis, or at least on alternate days, because their development pace is very rapid; small businesses can perform this activity once or twice a week, or with every big feature push.

How much time does a penetration test take?

Penetration tests do take time, depending on how big the business is and how many testers are working on the job. A single tester can test a small business within 3-5 days. When dealing with huge corporations, there is a whole dedicated team of penetration testers who work on different aspects of the company; this can take from weeks to months, based on the scope of the test. Penetration tests can be performed remotely as well as on-site. Now you are aware of the benefits of penetration testing and why it is important for businesses.