Summary

In this chapter, we have discussed several penetration testing methodologies. We have also described the basic terminology of penetration testing, its associated types, and the industry contradiction with other similar terms. The summary of these key points is highlighted as follows:

• Penetration testing can be broken into different types, such as black box and white box. The black box approach is also known as external testing, where the auditor has no prior knowledge of the target system. The white box approach refers to internal testing, where the auditor is fully aware of the target environment. The combination of both types is known as a gray box.
• The basic difference between vulnerability assessment and penetration testing is that vulnerability assessments identify the flaws that exist in the system without measuring their impact, while penetration testing takes a step forward and exploits these vulnerabilities in order to evaluate their consequences.
• There are a number of security testing methodologies, but very few provide stepwise, consistent instructions on measuring the security of a system or application. We have discussed five such well-known open source security assessment methodologies, highlighting their technical capabilities, key features, and benefits. These include OSSTMM, ISSAF, OWASP, PTES, and WASC-TC.
• We also presented a simplified and structured testing framework for penetration testing. This process involves a number of steps, which have been organized according to the industry approach toward security testing. These include target scoping, information gathering, target discovery, enumerating target, vulnerability mapping, social engineering, target exploitation, privilege escalation, maintaining access, and documentation and reporting.
• Finally, we discussed the ethical view of penetration testing that should be justified and followed throughout the assessment process. Considering ethics during every single step of an assessment engagement leads to a successful arrangement between auditor and business entity.

The next chapter will guide you through the strategic engagement of acquiring and managing information taken from the client for the penetration testing assignment.