About Penetration TestingLearn More
Think of penetration testing as a way to use hacking skills for good. By conducting a pen test, you are effectively simulating a cyber attack on your own applications in order to identify weaknesses in firewalls or servers.
Sort by:
Sorting
The newest
Most visited
Course time
Subtitle
Filtering
Courses
Subtitle
Pluralsight
Matthew Lloyd Davies
Specialized Attacks: Hardware Product Testing 53:38
English subtitles
04/18/2023
Subtitle
Pluralsight
FC
Specialized Attacks: Physical and Social Engineering 34:40
English subtitles
04/18/2023
Subtitle
Pluralsight
Matthew Lloyd Davies
Specialized Attacks: OT and ICS 1:12:21
English subtitles
04/18/2023
Subtitle
Pluralsight
Alexander Tushinsky
Pen Testing: Planning, Scoping, and Recon 1:13:59
English subtitles
04/18/2023
Subtitle
Books
Frequently asked questions about Penetration Testing
Penetration testing, or pen testing, is the process of attacking an enterprise's network to find any vulnerabilities that could be present to be patched. Ethical hackers and security experts carry out these tests to find any weak spots in a system’s security before hackers with malicious intent find them and exploit them. Someone who has no previous knowledge of the system's security usually performs these tests, making it easier to find vulnerabilities that the development team may have overlooked. You can perform penetration testing using manual or automated technologies to compromise servers, web applications, wireless networks, network devices, mobile devices, and other exposure points.
There are many types of penetration testing. Internal penetration testing tests an enterprise's internal network. This test can determine how much damage can be caused by an employee. An external penetration test targets a company's externally facing technology like their website or their network. Companies use these tests to determine how an anonymous hacker can attack a system. In a covert penetration test, also known as a double-blind penetration test, few people in the company will know that a pen test is occurring, including any security professional. This type of test will test not only systems but a company's response to an active attack. With a closed-box penetration test, a hacker may know nothing about the enterprise under attack other than its name. In an open-box test, the hacker will receive some information about a company's security to aid them in the attack.
Penetration tests have five different stages. The first stage defines the goals and scope of the test and the testing methods that will be used. Security experts will also gather intelligence on the company's system to better understand the target. The second stage of a pen test is scanning the target application or network to determine how they will respond to an attack. You can do this through a static analysis of application code and dynamic scans of running applications and networks. The third stage is the attack phase, when possible vulnerabilities discovered in the last stage are attacked with various hacking methods. In the fourth stage of a penetration test, the tester attempts to maintain access to the system to steal any sensitive data or damaging systems. The fifth and final stage of a pen test is the reporting phase, when testers compile the test results.