
Security Testing – The 5 Phases of Penetration Testing

While a Vulnerability Assessment is performed to identify and report the vulnerabilities in a system, Penetration Testing is performed to exploit the identified vulnerabilities in order to confirm whether they can actually be compromised. The following are the 5 different phases performed as part of Penetration Testing:
  • Reconnaissance: During this phase, the security testing team gathers as much information as possible about the target before performing any attacks, so that the attacks can be planned based on what was learned. Reconnaissance can be categorized as follows:
    • Passive Reconnaissance: Information about the target system is gathered without interacting with the system. A few examples:
      • Google Hacking: Searching for information about the target system on Google
      • Dumpster Diving: Searching for information in the trash bins of the targeted organization.
      • Gathering information that the targeted organization has published itself, such as news releases or job postings.
    • Active Reconnaissance: This involves interacting with the target directly to retrieve information. A few examples:
      • Contacting an employee and asking for details of the targeted system.
      • Using non-intrusive network techniques to scan the targeted system and retrieve information.
  • Scanning: Scanning is performed on the target with the intention of identifying vulnerabilities that can be exploited in later phases to gain access. The security testing team uses technical tools for scanning; a few example tools are:
    • Vulnerability Scanners
    • Port Scanners
    • Ping Tools (Example: an ICMP ping tool can be used to check whether the system is alive on the network)
    • Network Mappers (Example: after finding that the system is alive on the network using a ping tool, a network mapper like Nmap can be used to detect the open ports and find the services that are running on the system)
  • Gaining Access: The security testing team exploits the vulnerabilities identified in the earlier phases to gain access to the system. Once the team has gained access and has complete control over the system, it can perform attacks on that system or use the access gained to launch attacks on other systems. Tools can be used by the team to gain access and complete control over the system.
  • Maintaining Access: Once access has been gained in the earlier phase, the team takes steps to retain that access. To maintain access to the system, the team can install tools such as rootkits, Trojans and other back-door tools, or create an admin account. The team can then keep accessing the system remotely while the installed tools run in hidden/stealth mode. The team can also add the exploited system to a botnet in order to gain more control over it or to perform attacks on other targets.
  • Covering Tracks: Finally, the team takes steps to delete the traces of the attack so that it is not detected. As part of this, the team may carry out the following activities:
    • Modify/delete application and system logs to avoid detection and prosecution, either manually or with tools.
    • Hide data using steganography techniques to avoid detection by anti-virus software.
    • Make sure that installed tools such as rootkits, Trojans and other back-door tools remain hidden.
    • Use evasion techniques such as spoofing the IP address to mislead the detection team.
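The Scanning phase above is also what a defender looks for in firewall logs. As an added example that is not part of the original article, the following Python script flags a likely port scan when one source touches many distinct ports on one host within a short window; the log format, the addresses (RFC 5737 documentation ranges) and the thresholds are all constructed assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (not real traffic); RFC 5737 documentation
# addresses. Format: "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <action>"
SAMPLE_LOG = """\
2024-01-10T10:00:01 203.0.113.5 192.0.2.10 22 DROP
2024-01-10T10:00:01 203.0.113.5 192.0.2.10 23 DROP
2024-01-10T10:00:02 203.0.113.5 192.0.2.10 80 ACCEPT
2024-01-10T10:00:02 203.0.113.5 192.0.2.10 443 ACCEPT
2024-01-10T10:00:03 203.0.113.5 192.0.2.10 3389 DROP
2024-01-10T10:00:03 203.0.113.5 192.0.2.10 8080 DROP
2024-01-10T10:00:04 203.0.113.5 192.0.2.10 445 DROP
2024-01-10T10:00:05 203.0.113.5 192.0.2.10 139 DROP
2024-01-10T10:00:06 203.0.113.5 192.0.2.10 21 DROP
2024-01-10T10:00:07 203.0.113.5 192.0.2.10 25 DROP
2024-01-10T10:00:09 203.0.113.5 192.0.2.10 110 DROP
2024-01-10T10:00:10 198.51.100.7 192.0.2.10 443 ACCEPT
2024-01-10T10:30:00 203.0.113.5 192.0.2.10 443 ACCEPT
"""

def parse_line(line):
    """Split one log line into (timestamp, src, dst, port, action)."""
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action

def detect_port_scans(log_text, window=timedelta(seconds=60), threshold=10):
    """Return {(src, dst): distinct_ports} for sources that touched at least
    `threshold` distinct ports on one host within any `window` of time."""
    # Both ACCEPT and DROP lines count: a scanner probes closed ports too.
    events = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...]
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port, _ = parse_line(line)
            events[(src, dst)].append((ts, port))
    alerts = {}
    for pair, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {port for _, port in hits[start:end + 1]}
            if len(ports) >= threshold:
                alerts[pair] = max(len(ports), alerts.get(pair, 0))
    return alerts

if __name__ == "__main__":
    for (src, dst), count in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst} ({count} distinct ports)")
```

The single host that probed eleven ports in eight seconds is reported, while the source that only reached port 443 is not; the 10:30 hit from the same scanner falls outside the window and does not extend the earlier alert.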

The following image depicts the 5 phases of Penetration Testing:

Conclusion: Penetration Testing is performed by security testing teams by exploiting the vulnerabilities identified in the system, and it covers all of the phases described above.

Please leave your questions/comments/feedback below.

Happy Learning 🙂

Arun Motoori
