Name: Ehsan Raza

Roll No: F21RDOCS1M08054


Department: BSCS
Semester: 5th(M2)
Subject: Information Security
Submitted to: Sir Mazhar Shahid Naqshbandi
SEARCH WORK:

Topic: Penetration Testing

Penetration Testing:
In simple words, penetration testing is the art of finding an open door (1) in the security of an
application or a system. It is also known as pen-testing or security testing, and also as
ethical hacking. It is the technique employed to locate vulnerabilities in a security system before
an attacker tries to exploit them. In penetration testing, the tester tries to gain access to networks or
system resources without knowledge of user credentials such as usernames and passwords, in
order to check the robustness of that system (2).
The most important parts of penetration testing
include identifying the input vectors of a web application and checking the results of an attack.
These indicate where an attack could be introduced and whether an attempted attack was
successful or not (3).

Importance of Penetration testing:

Penetration testing shows whether vulnerabilities are present in your system through which it
is possible for an attacker to penetrate. Penetration testing also includes reporting proactive
measures for protecting the system and enhancing the comprehensive defensive strategy. Such
penetration tests are often required and employed by security agencies, law-and-order agencies,
information systems auditors and other stakeholders (2).
Penetration tests are important for several reasons (2):
1. Determining the possibility of particular attacks taking place.
2. Discovering high-risk vulnerabilities that result from low-risk vulnerabilities.
3. Identifying vulnerabilities that may be difficult or impossible to detect with general
scanning software.
4. Identifying the magnitude of a successful attack on a vulnerable network.
5. Testing the capabilities of network defenders to detect and respond to network attacks.
6. Providing evidence to support increased allocations in security budgets.

5 phases of Penetration Testing:

Penetration testing is a procedural mechanism carried out in various steps, which are generally
grouped into the five phases explained below (2) (4).
1. Planning and Reconnaissance:

This phase includes planning and reconnaissance. In planning, the scope (what, which, why,
who, and how) of the test is determined. Once the scope of the test is settled,
reconnaissance is done, in which as much information as possible is gathered about the
target network. Reconnaissance may consist of identifying the target network status,
operating systems, IP address ranges, open ports, domain names, DNS, DHCP, Wi-Fi
keys, mail server records etc. Host fingerprinting, port scanning, network mapping and
network enumeration are usually considered part of reconnaissance (2) (4).

2. Scanning or Exploration:

This is the second phase, which deals with exploring and scanning the entire network based
on the information gathered in reconnaissance. For example, using open ports,
the tester can enter the network and explore it more deeply. The tester scans the
network to discover network devices, firewall rules, user accounts, access
control etc. Exploration and scanning include host exploration, service identification and
platform identification, etc. (2) (4).

3. Gaining Access (Vulnerability Assessment and Exploitation):

This phase includes vulnerability assessment and exploitation. Vulnerabilities are
weaknesses in the system. Vulnerability assessment is the process of computing, ranking
and pinpointing the vulnerabilities in the system. Penetration testers may use automated
tools for known vulnerabilities. In exploitation, the tester applies various attacks (e.g.,
DoS, injection, brute force, buffer overflow, etc.) to the target network. The penetration
tester tries to exploit the different vulnerabilities discovered in the vulnerability assessment
and gains access to system resources (2) (4).

4. Maintaining Access:

After gaining access to system resources, it is important to maintain that access so that it
is not lost if any trouble arises. This is done by placing different tools or items into the
system, e.g., a rootkit, Trojan or backdoor (2) (4).

5. Covering Tracks, Reporting and Recommendations:

This is the last phase of penetration testing, which includes (2) (4):
- Covering tracks: steps taken to hide the work of the test done by the various attacks on
the system so that it cannot be noticed, e.g., clearing the logs and obscuring
Trojans and malicious backdoor programs.
- Reporting and recommendation: documentation is done by the tester. This is the
final document, which includes a cover sheet, an executive summary of the
vulnerabilities found in the network, the threats posed by these vulnerabilities, the
list of tools used and, most importantly, the final recommendation after overall
examination of the test report. The final recommendation comprises preventive
proposals against the vulnerabilities found.
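The defender's counterpart to the "clearing the logs" step above is tamper-evident logging, so that a report can state whether the test's log clearing would have been noticed. The following Python is an added example, not code from this assignment or its references: it chains each log entry to the previous one with SHA-256 and assumes a remote collector holds the newest chain hash, so that deleted, altered or truncated entries are detected. The log lines are constructed samples.

```python
import hashlib

GENESIS = "0" * 64  # fixed starting link of the chain


def chain_hash(prev_hash: str, entry: str) -> str:
    """Hash of the previous link concatenated with the new entry."""
    return hashlib.sha256((prev_hash + "\n" + entry).encode()).hexdigest()


def append_entries(entries):
    """Build a hash-chained log: each record stores the entry and the chain hash."""
    records, prev = [], GENESIS
    for entry in entries:
        prev = chain_hash(prev, entry)
        records.append({"entry": entry, "hash": prev})
    return records


def verify_chain(records, expected_tail=None):
    """Return (ok, index of first bad record).

    expected_tail is the newest hash forwarded to a remote collector (assumed
    to exist); if the chain validates but ends elsewhere, entries were removed
    from the end and the index returned is the record count."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if chain_hash(prev, rec["entry"]) != rec["hash"]:
            return False, i  # entry altered, or an earlier entry was deleted
        prev = rec["hash"]
    if expected_tail is not None and prev != expected_tail:
        return False, len(records)  # tail truncated
    return True, None


# Constructed sample auth log lines (not taken from any real system)
SAMPLE = [
    "Jan 10 09:01:12 sshd[1201]: Accepted password for alice from 10.0.0.5",
    "Jan 10 09:03:40 sshd[1207]: Failed password for root from 10.0.0.9",
    "Jan 10 09:03:41 sshd[1207]: Failed password for root from 10.0.0.9",
    "Jan 10 09:04:02 sshd[1207]: Accepted password for root from 10.0.0.9",
    "Jan 10 09:10:55 sudo: alice : TTY=pts/0 ; COMMAND=/bin/systemctl restart sshd",
]


def demo():
    """Chain the sample log, then try two ways of 'clearing' it."""
    log = append_entries(SAMPLE)
    tail = log[-1]["hash"]          # what the remote collector holds
    cleared = [log[0]] + log[4:]    # root login entries deleted from the middle
    truncated = log[:3]             # the end of the log removed
    return verify_chain(cleared, tail), verify_chain(truncated, tail)
```

The tail hash must be shipped off-host as entries are written; a chain kept only on the compromised host can simply be recomputed by whoever cleared the log.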

References:
1. Geer, D., & Harthorne, J. (2002, December). Penetration testing: A duet. In 18th Annual
Computer Security Applications Conference, 2002. Proceedings (pp. 185-195). IEEE.
2. Yaqoob, I., Hussain, S. A., Mamoon, S., Naseer, N., Akram, J., & ur Rehman, A. (2017).
Penetration testing and vulnerability assessment. Journal of Network Communications and
Emerging Technologies (JNCET), www.jncet.org, 7(8).
3. Arkin, B., Stender, S., & McGraw, G. (2005). Software penetration testing. IEEE Security &
Privacy, 3(1), 84-87.
4. Shahi, M. A. (2021). CEH-v11-Study-Guide_1-Introduction.md a... · imrk51_CEH-v11-Study-Guide
· GitHub. Retrieved from GitHub: https://github.com/imrk51/CEH-v11-Study-Guide/blob/main/modules/1-introduction.md
