
Basics of Penetration Testing

Introduction to penetration testing including web and network attack vectors, techniques, tools, and examples.


Introduction

Penetration Testing (Pentesting) is the practice of simulating real attacks against systems, with the owner's explicit authorization and an agreed scope, to uncover exploitable vulnerabilities before malicious actors do. It combines manual technique with tooling and spans both web applications and network infrastructure.

Types of Pentesting

Web Application Pentesting

  • Testing web apps for flaws like:
    • SQL Injection
    • Cross-Site Scripting (XSS)
    • Broken Authentication
    • Insecure Deserialization
    • CSRF and more

Network Pentesting

  • Focused on network infrastructure: hosts, routers, switches, firewalls and the services they expose.
  • Activities include:
    • Port scanning
    • Banner grabbing
    • Vulnerability scanning
    • Exploiting unpatched services
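The first two activities above, port scanning and banner grabbing, are simple enough to show with plain sockets. The following block is an added example for this post, not the page's own code: it starts a fake service on loopback that greets clients with a constructed `SSH-2.0-...` banner, a second one that stays silent, and then scans a list of ports, reporting each as open or closed and recording any banner. The banner text, the listening threads and the port list are assumptions made for the demonstration; on a real engagement the target host must be in scope.

```python
"""TCP connect scan plus banner grabbing, against constructed local services
so it runs offline.

Added example, not code from the original post. The fake SSH banner and the
loopback listeners are assumptions for the demonstration."""
import socket
import threading
from typing import Dict, Iterable, Optional, Tuple

FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9 demo\r\n"  # constructed, mimics an SSH greeting


def start_fake_service(banner: bytes = FAKE_BANNER) -> int:
    """Listen on an ephemeral 127.0.0.1 port; send `banner` (possibly empty)
    to every client and close. Returns the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return
            with client:
                if banner:
                    client.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def reserve_closed_port() -> int:
    """Bind and immediately release an ephemeral port, so it is known closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def probe(host: str, port: int, timeout: float = 1.0) -> Tuple[str, Optional[str]]:
    """Connect-scan one port. Returns (state, banner): state is 'open' or
    'closed'; banner is the first line the service volunteers, or None when
    it stays silent (many protocols, e.g. HTTP, wait for the client)."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # refused, timed out, unreachable
        return ("closed", None)
    with s:
        try:
            data = s.recv(256)
        except OSError:
            data = b""
    line = data.split(b"\n", 1)[0].decode("ascii", errors="replace").strip()
    return ("open", line or None)


def scan(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, Tuple[str, Optional[str]]]:
    """Probe each port in turn and collect the results."""
    return {p: probe(host, p, timeout) for p in ports}


if __name__ == "__main__":
    ssh_port = start_fake_service()
    silent_port = start_fake_service(b"")
    closed_port = reserve_closed_port()
    for port, (state, banner) in scan("127.0.0.1", [ssh_port, silent_port, closed_port]).items():
        print(f"{port}/tcp {state} {banner or ''}")
```

This is a full TCP connect scan (the equivalent of `nmap -sT`), which completes the handshake and is therefore logged by the target; nmap's default SYN scan avoids that but needs raw-socket privileges. The silent-service case is why version detection tools also send protocol-specific probes instead of only listening.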

Checklist

  • Reconnaissance: gather information about the target (domains, IP ranges, employees, technologies), passively where possible
  • Scanning: enumerate live hosts, open ports, services and versions, and run vulnerability scans
  • Exploitation: use the findings to gain access, confirming each vulnerability is real rather than a scanner false positive
  • Post-Exploitation: establish what the access allows (privilege escalation, lateral movement, data access) within the agreed scope
  • Reporting: document each finding with evidence, impact, and remediation advice

Important Concepts

Firewall
A network boundary device that permits or blocks traffic based on rules (addresses, ports, protocols, and in newer products application or identity context).
Payload
The code or data delivered once a vulnerability is triggered, which performs the attacker's actual goal (for example, starting a shell). The exploit opens the door; the payload is what runs after it.
Shell
A command interpreter (such as /bin/sh or cmd.exe) the attacker obtains on the target after exploitation. A reverse shell connects out from the target to the attacker; a bind shell listens on the target for the attacker to connect in.

Tools

| Tool       | Purpose                          | Category |
|------------|----------------------------------|----------|
| Nmap       | Network discovery, port scanning | Network  |
| Burp Suite | Web proxy and scanner            | Web      |
| Metasploit | Exploitation framework           | Exploits |
| Nikto      | Web server scanner               | Web      |
| Wireshark  | Packet analysis                  | Network  |

Recon Script Example

```bash
# -sC: run the default NSE scripts; -sV: detect service versions;
# -oN: save the human-readable ("normal") output to recon.txt
nmap -sC -sV -oN recon.txt 192.168.1.10
```
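The normal output that command writes is meant for humans, but on a larger engagement you will want the open ports and versions as data for the scanning and exploitation phases. The block below is an added example for this post, not the page's own code: it parses nmap's normal-output port table into records and summarizes the open services. The scan text it contains is a constructed sample in that format, not a real capture, and the host, versions and timestamps in it are made up.

```python
"""Parse nmap normal output (-oN) into structured port records.

Added example, not code from the original post. SAMPLE_RECON is a constructed
sample of the -oN format, not a real scan."""
import re
from typing import Dict, List

# Constructed sample of what `nmap -sC -sV -oN recon.txt <host>` writes.
SAMPLE_RECON = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sC -sV -oN recon.txt 192.168.1.10
Nmap scan report for 192.168.1.10
Host is up (0.0012s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE    SERVICE VERSION
22/tcp   open     ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0)
80/tcp   open     http    Apache httpd 2.4.52 ((Ubuntu))
|_http-title: Welcome
443/tcp  filtered https
3306/tcp open     mysql   MySQL 5.7.42
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Jan  1 10:00:05 2024 -- 1 IP address (1 host up) scanned in 5.01 seconds
"""

# One row of the port table: "<port>/<proto>  <state>  <service>  [version text]".
# Script output lines ("|_..."), headers and summaries do not match.
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+"
    r"(?P<state>open\|filtered|open|closed|filtered)\s+"
    r"(?P<service>\S+)(?:\s+(?P<version>.*\S))?\s*$"
)


def parse_nmap_normal(text: str) -> List[Dict[str, str]]:
    """Return one dict per port-table row, with an empty version when
    nmap printed none (filtered ports, unidentified services)."""
    entries = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["version"] = rec["version"] or ""
            entries.append(rec)
    return entries


def open_services(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Keep only ports confirmed open; filtered ports need a different follow-up."""
    return [e for e in entries if e["state"] == "open"]


def summarize(text: str) -> Dict[str, str]:
    """Map 'port/proto' to 'service version' for every open port."""
    return {
        f"{e['port']}/{e['proto']}": f"{e['service']} {e['version']}".strip()
        for e in open_services(parse_nmap_normal(text))
    }


if __name__ == "__main__":
    for target, desc in summarize(SAMPLE_RECON).items():
        print(f"{target:10} {desc}")
```

For anything beyond a one-off, prefer `-oX` (XML) or `-oA` and a proper parser such as python-libnmap; the normal output can change wording between releases, and the regex above only covers the port table, not host-script or NSE output.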

Diagrams

```mermaid
flowchart TD
  A[Reconnaissance] --> B[Scanning]
  B --> C[Exploitation]
  C --> D[Post-Exploitation]
  D --> E[Reporting]
```

This post is licensed under CC BY 4.0 by the author.
