Each and every web application penetration test is conducted consistently using industry standard frameworks, in order to ensure a sound and comprehensive penetration test. At a minimum, the underlying framework is based upon OSSTMM but goes beyond the initial framework itself.
The first phase in a physical penetration test is focused upon collecting as much information as possible about the target. Passive reconnaissance, otherwise known as information gathering, is one of the most important steps of a penetration test. This is done through the use of public tools, such as Google and DNS records. As a result, it is usually possible to learn a great deal about the target’s surroundings and environment.
Open Source Intelligence
An important phase in a penetration test focuses upon collecting as much information as possible that is freely available. Open Source Intelligence Gathering can be quite telling about a target. This type of information gathering is done through the use of social networks, job boards, etc. Through thorough analysis, it helps to paint a picture of the target and its primary operations.
Active reconnaissance in a penetration test involves gathering information offline, in person: this is the point at which the test starts to interact with the target directly.
Covert observation is exactly what it sounds like: it includes covert photography of the target up close in an effort to identify physical security controls, and monitoring staff as they come and go.
Infiltration, Exploitation & Post-Exploitation
During these phases, InfoSec Governance security consultants carry out the plan by exploiting vulnerabilities discovered using the information and intelligence captured during the earlier phases of the assessment. Post-exploitation involves penetrating further into the environment and establishing a persistent backdoor.