Whether you are looking to perform a penetration test for the first time, sharpening your skills as a penetration tester, or a business looking to learn more about what goes into a penetration test and what to do after, Tim Medin and the Red Siege Information Security team have created a unique version of our SiegeCast dedicated to breaking down all the steps for you in this 3-part series.
Part 1: The Start
How successfully a penetration test is performed and reported is set in motion by proper attention to the plan.
For the tester: Understanding the target, defining the goals, and discovering the need for the penetration test are crucial. Learn about the various types of pen tests, how to establish the rules of engagement, and how to be valuable to a client.
For the target business/client: What to provide and what to ask for from your tester are all covered here for you.
Part 2: The Method
Whether you are performing the penetration test or hiring out to perform a test, it is essential to know the process and procedures that provide actionable results.
For the tester: Asking the proper questions, getting familiar with reporting tools, and having a plan of attack that provides value make the difference for you and the clients. Learn effective tools and tricks for performing a test, and how to pivot if you run into “trouble.”
For the target business/client: Understanding what a tester is going to be performing inside your network gives you insight into how to provide scope, so that you get the value and actionable plan you are looking for.
Part 3: The Report
In the end, this is the most important part of the entire penetration testing process. Everything that provides value to the tester and the client comes down to how well they generate an effective and digestible report.
For the tester: Understanding the role of the report will change the way you approach the process. Learn valuable skills and processes, formatting, and presentation.
For the target business/client: The report defines everything you hire a tester for, such as your current abilities to defend and where you need to make changes to increase your security position. Learn from examples of various tests, how to communicate what you are looking for, and how to break down the information provided.