Penetration Testing Methodology

The Reconnaissance step will utilise both Passive and Active Information Gathering. Our consultants will utilise public domain information to collect information about your organisation and the network. Search engines will be interrogated as well as public records to try to collect information, which will help in the assessment of the target network. In the case of an internal assessment, passive information gathering will also include sniffing wired and wireless networks in an attempt to collect network protocol information, addressing details, and user credentials. Information discovered during the passive information-gathering phase is used to start probing the network map the network and identify the active hosts. Once the active hosts are identified, further probes are used to detect any open ports together with what services they are running, before using fingerprinting techniques to identify the operating system running on the host.

The assessment phase aims to check known vulnerabilities against the operating systems and services that have been identified as present in the network. Any medium level vulnerabilities and higher that are identified are manually confirmed, preventing false positives being reported. Attempts are also made to exploit common operating system vulnerabilities to check the level of privileged access that can be achieved. It is important to note that Pentest People will not carry out any checks, which are considered by the tools that are used to be ‘unsafe’. This also includes any Denial of Service DoS attacks. These service affecting checks are disabled by default in all the tools that we use but they can be can be included by request. For services that require username and password authentication, our consultants will attempt to access these resources both with the default password, and also commonly used username and password combinations. In practical terms the assessment phase typically comprises of an internal, ‘White Box’ and ‘Black Box’ tests.

At the end of the discovery and assessment phase clients are presented with an executive summary as well as a more detailed report. The summary lists the key findings along with the top ten recommendations for remedial action. A table of hosts is provided together with the total number of vulnerabilities identified at each severity level. The full assessment report goes into greater detail for each host including the open ports identified, services available on those ports, identified vulnerabilities and remediation advice. Separate sections are included for any additional advanced assessments that were carried out and cross-referenced where applicable to the host assessment data.

Once the executive summary and full assessment report are created they are uploaded to the secure document area of the Pentest People SecurePortal for review prior to scheduling a de-brief call or if required a face to face meeting. The de-brief call or meeting is an opportunity for you to discuss any major issues arising from the assessment with the lead consultant who will formally present the findings of the report.

Finally, Pentest People can offer an additional Remediation Consultancy Service as part of their PTaaS offering. This service offering completes the Penetration Testing process by providing a prioritised approach to remediating any security issues identified as part of the engagement. This remediation service is a two-stage process. The initial phase involves one of our specialised consultants reviewing the findings of the Penetration Test report and aligning this with your business requirements to create a prioritised approach document that contains remediation advice for all of the identified issues ranked in order of risk. Once this report is created, it is provided and can then be implemented either by your own internal IT staff, your incumbent IT provider or Pentest People as part of the engagement, therefore, taking away the time pressures of ensuring your infrastructure is secure and free from security issues.