
What Is Penetration Testing?


Written By Jess Feldman

Last updated on August 18, 2021


Cybersecurity is an essential part of many modern businesses, and neglecting it can be costly. To identify a system’s vulnerabilities that criminal hackers could exploit, cybersecurity professionals conduct penetration tests. But what exactly is pen testing? And how do you become a pen tester? NGT Academy instructor Patrick Gorman breaks down pen testing for us, from the VAPT process to the 5 pen testing methods. Plus, learn more about the typical pen tester career path and how NGT Academy is training the next generation of cyber security engineers!

Meet Our Expert: Patrick Gorman

  • Patrick is an instructor at NGT Academy.
  • Patrick has over 10 years of experience in the IT field, and holds InfoSec certifications as well as CEH, CHFI, ECSA, LPT, OSCP, CISSP, SSCP, and Sec+ certifications.

What is Penetration Testing?

Penetration testing (aka pen testing) is a security exercise where a cybersecurity expert attempts to find and exploit vulnerabilities in a computer system. Pen testing is important because it can bring attention to areas of a website that might be attacked. By allowing a responsible professional to test your systems, you can avoid costly mistakes and fix vulnerable areas in your systems.

Pen testing is often paired with a vulnerability assessment to effectively find flaws in a system. 

While ethical hacking also includes hacking methods, pen testing is different because it generally looks at a narrow or specific weakness whereas ethical hackers look at a larger picture of the system as a whole. 

How often are pen tests done?

Pen tests are generally done once or twice a year. Frequency can also depend on things like changes in cyber policy, changes in infrastructure, risk tolerance, and other factors. Regular pen tests are essential for ensuring that companies aren’t hit with major data breaches.

The Vulnerability Assessment and Penetration Testing (VAPT) Process

The VAPT process is a general procedure that pen testers follow. While vulnerability assessments and penetration tests are technically two separate procedures, they can be performed alongside one another to determine how strong a system’s cybersecurity is. There are many different pen tests for all types of systems, but they will follow the VAPT procedure for most situations.

Vulnerability assessments are conducted to pinpoint where a system has weaknesses, such as being vulnerable to SQL injection. A penetration test can be paired with this assessment to probe those weaknesses and learn more about the system’s defenses and the areas that need improvement. Pen testers provide a detailed report to their clients once testing is finished.

When would an outside vendor be used instead of an in-house security team?

Many companies and businesses have in-house security teams, but sometimes it’s necessary to have an outside vendor complete a pen test. In regulated industries, where businesses must comply with federal regulations, outside vendors complete pen tests to verify that companies are actually compliant. These industries include:

  • Healthcare and the need for HIPAA compliance
  • Finance and stock exchanges
  • Credit card companies and PCI DSS compliance

If your business isn’t required to be compliant with federal standards, chances are you don’t need an outside vendor to do a pen test.

The 5 Stages of Pen Testing

  1. Reconnaissance - This is the information gathering stage. Here the pen tester collects email addresses, LinkedIn profiles, DNS records, and anything else that might help.
  2. Scanning - This stage involves tactics like looking at a company’s website to see how it runs. There are two types of scans: passive and active. Active scans can interact with the website to find vulnerabilities and see how it responds to attacks. Passive scans don’t interact with a website, and instead monitor activity and give information on how it runs. 
  3. Gaining Access - This phase involves getting behind a website’s defenses using various methods, including SQL injections, cross-site scripting, and backdoors.
  4. Maintaining Access - After the initial access and with the client’s consent, pen testers will try to maintain long-term access by using tools like trojans to see if they can remain undetected and figure out where breaches could happen. 
  5. Covering Tracks - This is an important phase where a pen tester removes any traces of what they did. The pen tester removes any logs to remain anonymous, so that when a network security person checks on suspicious activity, there’s nothing there.
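From the defender’s side of stage 5, the goal is to make removed log lines visible rather than invisible. Added example (not from the article or NGT Academy): each record commits to the hash of the previous one, and the latest hash is shipped to a collector the tester cannot reach; the log lines, seed and field names are constructed for the demo.

```python
import hashlib

# Constructed sample log lines for the demo (not real events).
SAMPLE_LOG = [
    "sshd: Accepted publickey for deploy from 10.0.0.5",
    "sudo: deploy : COMMAND=/usr/bin/systemctl restart nginx",
    "sshd: Accepted password for admin from 10.0.0.9",
    "cron: (root) CMD run-parts /etc/cron.hourly",
]


def _digest(prev, seq, msg):
    """Hash of this record, bound to the previous record's hash."""
    return hashlib.sha256(f"{prev}|{seq}|{msg}".encode()).hexdigest()


def chain_logs(lines, seed="constructed-seed"):
    """Wrap each line in a record whose hash depends on all earlier records."""
    prev = hashlib.sha256(seed.encode()).hexdigest()
    records = []
    for seq, msg in enumerate(lines):
        h = _digest(prev, seq, msg)
        records.append({"seq": seq, "msg": msg, "prev": prev, "hash": h})
        prev = h
    return records


def verify_chain(records, seed="constructed-seed", remote_head=None):
    """Return (ok, reason). remote_head is the last hash as recorded off-host;
    without it, silently cutting the tail of the log would still verify."""
    prev = hashlib.sha256(seed.encode()).hexdigest()
    for i, rec in enumerate(records):
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["seq"], rec["msg"]):
            return False, f"chain broken at position {i}"
        prev = rec["hash"]
    if remote_head is not None and prev != remote_head:
        return False, "tail does not match head recorded off-host"
    return True, "intact"
```

Deleting a line in the middle breaks the chain at that position; deleting the last line only shows up when the head stored off-host is compared, which is why the final hash has to leave the machine that the tester controls.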

5 Pen Testing Methods

1. External Testing
An external network pen test is designed to test how effectively perimeter security controls prevent and detect attacks, and to identify weaknesses in internet-facing assets, such as web, mail, and FTP servers. All you need is the IP address of a firewall for an external test to be done.

2. Internal Testing
An internal network pen test is performed to help gauge what an attacker could achieve with initial access to a network. An internal network pen test can mirror insider threats, such as employees intentionally or unintentionally performing malicious actions. 

3. Blind Testing
Blind testing imitates a real cyber-attack, apart from the fact that the company has authorized it. The information given is limited and the pen tester has to figure out most of the firm’s information, just as a real hacker would.

4. Double-Blind Testing
Double-blind testing is similar to blind testing, apart from the fact that there is someone in the organization who is aware of the activity going on. The test is done to determine how quickly and effectively the security team can monitor and respond. This test prepares the team for a potential real attack and identifies where loopholes in the system need to be sealed.

5. Targeted Testing
Targeted testing involves the corporate IT team that works together with external professionals to determine the vulnerability of the company’s systems. The task is conducted on an open network where the team is able to compare their findings and find solutions to strengthen systems to prevent potential attacks.

What happens after a pen test is complete?

Once a pen test has been completed, the security team reviews the results and discusses them with the client. The pen testing team should think about developing a remediation plan for the client that remedies anything broken and needing to be fixed.

The Pen-Tester Career Path

Everyone has to start as a beginner at some point, and pen testing is no different. Junior-level pen testers run tests and write reports on the results. Higher-level pen testers are able to complete more sophisticated tests. Other tech roles, like software engineers, may occasionally perform pen tests, but a pen tester focuses on pen testing.

What certifications do you need to become a pen tester?

Pen testers aren’t required to have specific certifications, but there are some that can certainly help. Vendor certifications like CompTIA Security+, Offensive Security Certified Professional (OSCP), and Certified Ethical Hacker (CEH) among others can be useful to professionals interested in pen testing. Junior-level pen testers will generally hold a CompTIA Security+ or CEH certification.

What are the tools that pen testers use?

Pen testers use a variety of tools to get their job done. These tools include Nmap, Wireshark, Metasploit, Hashcat, John the Ripper, Hydra, Nikto, and Burp Suite.

Do pen testers need to know how to code?

While it isn’t necessary to be a coder in order to work as a pen tester, it’s useful to be able to understand coding languages and parse out information. Having an understanding of Python, Ruby, and C++, as well as other languages like PHP, JavaScript, MySQL, Java, HTML, and CSS can be helpful.

Learning Pen Testing at NGT Academy

NGT Academy includes pen testing labs in the Cyber Security Specialization bootcamp that simulate certain elements of a pen test. You don’t need to know anything about pen testing before enrolling in the Cyber Security program. NGT Academy will provide you with all of the knowledge and tools you need to learn pen testing.

The Future of Pen Testing

Cybersecurity is a field with plenty of potential, and it’s set to explode in the coming years; there’s never been a better time to get started! The future of cybersecurity will likely include more artificial intelligence (AI), but there will always be a need for a human being to make decisions and figure out next steps. The processes (like VAPT) will remain largely the same, and while we will depend on many of the same tools, there is always the potential for new ones to be added to the mix.

Favorite Pen Testing Resources from a Cybersecurity Professional

While it’s great to practice with HackTheBox and other testing tools, I stress to students that they should set up their own testing environment. By setting up your own testing environment you are able to put your knowledge into practice.

Find out more and read NGT Academy reviews on Course Report. This article was produced by the Course Report team in partnership with NGT Academy.

About The Author

Jess Feldman is an accomplished writer and the Content Manager at Course Report, the leading platform for career changers who are exploring coding bootcamps. With a background in writing, teaching, and social media management, Jess plays a pivotal role in helping Course Report readers make informed decisions about their educational journey.
