From Zero to your first Penetration Test

Cristian Cornea
6 min readJan 25, 2021
(Source: Unsplash)

Are you looking to get into Penetration Testing, Ethical Hacking, or Red Teaming? If the answer is yes, then this article is definitely for you!

What is a Penetration Test?

A Penetration Test, or commonly named “Pentest”, is the process of evaluating the security weaknesses of an organization’s assets, using similar methodologies to the ones used by real attackers.

Penetration Test = Vulnerability Assessment?

The answer is clearly, NO!

A Pentest is not equal to a Vulnerability Assessment, and a lot of people tend to confuse the terms. From my experience, I have encountered clients that requested a Penetration Test, but in reality, they wanted a Vulnerability Assessment, or vice-versa. So, it is very important for you, as a Security Expert, to explain the differences between those two terms.

Vulnerability Assessment:

  • Covers a decent amount of security issues
  • Exposes low-hanging fruits and probably some risky issues
  • The quality of results depends on the scanners used
  • Automated around 90%, and manual work around 10%

Penetration Test:

  • Covers most of the…

--

--

Cristian Cornea

🇷🇴 Founder: Zerotak Security | Cyber Security Training Centre of Excellence (CSTCE) | SectionX.io | BSides Transylvania