When one hears the word hacker, the first thing that comes to mind is a person who can break into systems and hack private or government facilities. That particular activity is called penetration. For black hat hackers, that is the act itself, but for white hat hackers the act is better known as penetration testing. They’re basically the same, except that in the latter case the security professional, aka white hat, has the permission of the company or organization.
What is penetration testing for? A penetration test, better known as a pen test, is a simulated attack against a computer system, intended to check the system for vulnerabilities. The reason hackers can get into secure networks or computer systems is weaknesses, or holes, in security. Those weaknesses can be anything: a weak firewall or the lack of one, weak passwords on administrative accounts, badly coded software, as well as vulnerabilities in hardware and firmware.
Pen tests are intended to find such weaknesses, and when they are found, companies do something about them, from simply tightening computer usage and security policies, to purchasing expensive firewalls, to rewriting important systems.
Pen Testing Stages
Security professionals, and even black hats, don’t just sit in front of a computer and do their thing. There are basically five stages to penetration testing. These are:
- Planning – defining the overall goal and gathering intelligence on the system in question and its elements, such as domain names, operating systems and email servers, in order to understand how the target works and determine potential vulnerabilities.
- Scanning – understanding how the target responds to attempts at intrusion.
- Access – the pen tester tries to see where the system is vulnerable through various attacks such as scripting, SQL injection and system backdoors. Once in, they see how far they can go by escalating privileges, intercepting traffic, stealing data and other activities where they can do the most damage (simulated, of course).
- Maintaining Access – the tester then checks for ways to keep access for as long as possible. Hackers can stay for months within an infiltrated system to steal as much data as they can. This is otherwise known as an advanced persistent threat.
- Analysis – is where the pen tester compiles their findings, which include what vulnerabilities were present and exploited, the data that was accessed and the amount of time the pen tester or hacker could stay in the system undetected.
Pen Testing Methods
There are several methods of penetration testing, which we’ll discuss briefly. These are:
- External Testing – where the tester attacks the company from outside through assets such as the company website, email servers and domain servers.
- Internal Testing – is where the tester simulates an attack by a malicious insider, or a spy. Such attackers are usually outsiders, or even rogue employees, who have gained stolen credentials.
- White Box Test – is where the company gives the tester some system and security information so that the tester can find vulnerabilities more quickly.
- Blind Testing (Black Box) – is related to external testing in that the tester is given only the name of the target organization and nothing else, but with internal security watching so they can learn how the attack is carried out. In a double-blind test, the company is aware of the attack but the security personnel aren’t, as a way to measure their effectiveness.
- Targeted Testing – is where the pen tester and security personnel work together to penetrate the system. The security personnel gain valuable insight from a hacker’s point of view.
Top Pen Testing Tools
Below are just some of the well-known tools of the trade, many of which are open source and accessible to both beginners and seasoned pen testers.
- Kali Linux – is widely known as the operating system of choice for penetration testers, with features and tools to help in the trade.
- Zed Attack Proxy – is ideal for those who are new to penetration testing. It’s a web application security scanner as well as a proxy server that allows pen testers to examine the traffic that passes through it.
- SQLMap – is a popular SQL injection tool which supports most SQL platforms to detect and map vulnerabilities in SQL-based systems.
- Nessus – is a popular penetration testing tool used by over 27,000 companies, with a wide array of plugins. It scans for open ports, misconfigurations and weak passwords.
- W3af – or Web Application Attack and Audit Framework, is a great tool for finding and exploiting vulnerabilities in web applications and can be used by beginners and seasoned pen testers.
- Netsparker – is another popular tool for web application and penetration testing which can automatically identify anything from SQL injection to cross-site scripting and is powerful enough to scan up to 1000 web applications at a time.
- Wireshark – is an award-winning cross-platform network analyzer that can be used to quickly capture and analyze network packets.
- Metasploit – is a widely used, if not the world’s most used, penetration testing automation framework. It allows network admins to break into their own systems and identify critical weak points, and it can easily be used by beginners.
- John the Ripper – as the name says, is a specialized password-cracking tool.
- Aircrack – is a tool that specializes in detecting flaws in wireless networks.
Penetration testing is a popular emerging career path, and pen testers are as important to many organizations as safety professionals. This comes in an age where digital security and data privacy are of the highest priority. The demand for pen testers is expected to rise by 32% in the coming years up to 2028, making it a viable career choice.
While it takes mad computing skills and intense interest to become a hacker or penetration tester, a degree in computer science would be of great help, and most of the tools are free and open source. If you want the thrill and excitement of hacking without the threat of jail, cybersecurity and penetration testing are a good career path.