From Zero to your first Penetration Test
Are you looking to get into Penetration Testing, Ethical Hacking, or Red Teaming? If the answer is yes, then this article is definitely for you!
What is a Penetration Test?
A Penetration Test, commonly called a “Pentest”, is the process of evaluating the security weaknesses of an organization’s assets using methodologies similar to the ones used by real attackers.
Penetration Test = Vulnerability Assessment?
The answer is clearly NO!
A Pentest is not equal to a Vulnerability Assessment, and a lot of people tend to confuse the terms. In my experience, I have encountered clients who requested a Penetration Test but in reality wanted a Vulnerability Assessment, or vice versa. So, it is very important for you, as a Security Expert, to explain the differences between those two terms.
Vulnerability Assessment:
- Covers a decent amount of security issues
- Exposes low-hanging fruit and probably some risky issues
- The quality of results depends on the scanners used
- Around 90% automated, with around 10% manual work
Penetration Test:
- Covers most of the…