Penetration Testing: A beginner’s point of view

Okay, so you decided you want to be a penetration tester, but you don’t know where to actually start?

And you don’t exactly know what penetration testing means, how broad it is and what skills you need to acquire to be one. Hmm.. We are on the same page exactly three months ago before I enrolled myself in a penetration testing class.

Disclaimer: Before you continue reading, I just want to clarify that I am not yet a penetration tester, I am actually a student, studying Network and Security Post Graduate Diploma, and through this blog, I would like to document what I’ve experienced and learned from my penetration testing class so consider me as a beginner too! I hope we are clear with that =)

Data and information are one of the most valuable assets of an organisation, its confidentiality, integrity and availability should be secured always, thus every organisation should take information security seriously. Cyber and malicious attack is massive nowadays so IT Security analyst and engineers are doing their best to protect their networks, servers, application systems and database, however since their view are from the inside of the organisation it is sometimes hard for them to know what attackers can exactly think and do to harm their system in a real world, this comes to the need of hiring penetration testers.

What does pen testers do?

´To assess the vulnerability of a specific system

´To test software and applications that may be a medium of an attack

´To determine if a user can be trick through Social Engineering

´To check if security applications in place can strongly protect the system

´To emulate real attack that comes with a permission

´To recommend solution in mitigating security risk

Penetration testing is being performed to emulate a real attack, the only difference of penetration tester and attacker is the permission by the owner of the system being penetrated. Attacking a system without the knowledge of its owner is illegal and subject to a criminal offence. Often, attacker’s goal is to just compromise a target system and/or steal information for their profits, political or ideological views while penetration tester will find assess vulnerabilities, give recommendations, solutions or fix them before an attacker see the loopholes.

I hope that explains quite clear what is penetration testing. On my next write up, I will tell you what are the steps needed to perform a penetration testing, information gathering tools I have first used, how I enumerate and scan them plus how my first exploit went through.

Thanks for reading =)