Planning and Reconnaissance:
The first step in ethical hacking is to define the scope and goals of a test as well as the testing methods to be followed. It also addresses intelligence to understand the potential vulnerabilities and how a target works. The prospective footprinting is made through search engines, web services, social network sites, DNS, email, network, etc. by using footprinting tools.
Scanning:
In the second step, scanning is performed to understand how a target reacts to various intrusion attempts, in two ways – when the application’s code is static and when the application’s code is functioning. The later is the most practical way to understand the application’s performance in real-time.
Gaining Access:
This is a crucial step where the web application is attacked using SQL injections, cross-site scripting, backdoors, etc. to find the vulnerabilities and then exploit them by stealing, intercepting traffic, and interfering privileges to understand the amount of damage that it can cause.
Maintaining Access:
In this step of penetration testing, the vulnerability is used as a persistent presence for a long duration in the infected system in order to steal sensitive information or to spread inside the network, quickly gaining access to the server.
Analysis:
The final stage of a penetration test is to compile the result by analyzing and commenting about the vulnerabilities exploited, access to the data, and the amount of time that the tester can remain unnoticed in the system.
Comments
Post a Comment