Introduction to Penetration Testing

Penetration testing (pentesting) is the practice of simulating real-world attacks against systems, networks, and applications — with explicit authorisation — to identify vulnerabilities before malicious actors do. This lesson covers the fundamentals: what pentesting is, the different types, industry-standard methodologies, and the critical legal and ethical framework you must follow.


Important: Every technique in this course must only be used on systems you own or have written permission to test. Unauthorised access to computer systems is a criminal offence in virtually every jurisdiction.


What Is Penetration Testing?

A penetration test is a controlled, authorised attempt to exploit vulnerabilities in a target system. The goal is to:

  • Discover security weaknesses before attackers do
  • Demonstrate the real-world impact of those weaknesses
  • Provide actionable remediation recommendations
  • Validate that existing security controls work as intended

Pentesting vs Vulnerability Scanning

| Aspect             | Vulnerability Scan | Penetration Test         |
|--------------------|--------------------|--------------------------|
| Automation         | Fully automated    | Manual + automated       |
| Depth              | Surface-level      | Deep exploitation        |
| False positives    | Common             | Verified by exploitation |
| Risk demonstration | Theoretical        | Proven impact            |
| Frequency          | Weekly/monthly     | Quarterly/annually       |
| Skill required     | Low–medium         | High                     |

Types of Penetration Testing

By Knowledge Level

┌───────────────────────────────────────────────────────┐
│                                                       │
│   Black Box          Grey Box          White Box      │
│   ──────────         ────────          ─────────      │
│   No internal        Partial           Full access    │
│   knowledge          knowledge         to source,     │
│                      (some creds,      architecture,  │
│   Simulates an       limited docs)     credentials    │
│   external                                            │
│   attacker           Simulates an      Simulates an   │
│                      insider or        insider with   │
│                      partner           full access    │
│                                                       │
└───────────────────────────────────────────────────────┘
| Type      | Knowledge Given              | Simulates         | Time Required |
|-----------|------------------------------|-------------------|---------------|
| Black box | None                         | External attacker | Longest       |
| Grey box  | Partial (e.g. user creds)    | Insider / partner | Medium        |
| White box | Full (source code, diagrams) | Trusted insider   | Shortest      |

By Target

  • Network pentest — internal/external infrastructure, servers, firewalls
  • Web application pentest — websites, APIs, authentication flows
  • Mobile application pentest — iOS/Android apps and their backends
  • Wireless pentest — WiFi networks, Bluetooth
  • Social engineering — phishing, pretexting, physical access
  • Cloud pentest — AWS, Azure, GCP configurations
  • IoT pentest — embedded devices, firmware

Penetration Testing Methodologies

OWASP Testing Guide

The Open Web Application Security Project provides a comprehensive testing guide focused on web applications:

  • 66 controls across 11 categories
  • Detailed test procedures for each control
  • Regularly updated to reflect new attack vectors
  • Free and community-driven

PTES (Penetration Testing Execution Standard)

┌──────────────┐   ┌──────────────┐   ┌──────────────┐
│ 1. Pre-      │──▶│ 2. Intel     │──▶│ 3. Threat    │
│  engagement  │   │  Gathering   │   │  Modelling   │
└──────────────┘   └──────────────┘   └──────────────┘
       │                                      │
       ▼                                      ▼
┌──────────────┐   ┌──────────────┐   ┌──────────────┐
│ 7. Reporting │◀──│ 6. Post-     │◀──│ 5. Exploit-  │
│              │   │  Exploitation│   │  ation       │
└──────────────┘   └──────────────┘   └──────────────┘
                                              ▲
                                              │
                                   ┌──────────────┐
                                   │ 4. Vuln      │
                                   │  Analysis    │
                                   └──────────────┘

Seven phases: Pre-engagement Interactions, Intelligence Gathering, Threat Modelling, Vulnerability Analysis, Exploitation, Post-Exploitation, Reporting.

OSSTMM (Open Source Security Testing Methodology Manual)

  • Focuses on operational security and measurable results
  • Defines a Risk Assessment Value (RAV) for quantifiable metrics
  • Covers five channels: Human, Physical, Wireless, Telecommunications, Data Networks

NIST SP 800-115

  • US government standard for technical security testing
  • Covers planning, execution, and reporting phases
  • Often required for government/defence contracts

Legal and Ethical Considerations

Always Get Written Authorisation

Before any testing begins, you must have:

  1. A signed contract / statement of work (SOW)
  2. Written authorisation (permission to test)
  3. Clearly defined scope — what is in/out of bounds
  4. Rules of engagement — hours, techniques, escalation procedures
  5. Emergency contact details — who to call if something breaks
  6. Data handling agreement — how findings and captured data are stored/destroyed

Rules of Engagement (RoE) Checklist

| Item                 | Description                                              |
|----------------------|----------------------------------------------------------|
| Scope                | IP ranges, domains, applications in scope                |
| Exclusions           | Systems/networks explicitly excluded                     |
| Testing window       | Permitted hours/days (e.g. business hours only)          |
| Allowed techniques   | Social engineering, DoS testing, physical access?        |
| Notification         | Will defenders (SOC/blue team) be informed?              |
| Data handling        | Encryption, storage, deletion timeline                   |
| Escalation procedure | Steps if critical vulnerability or system crash occurs   |
| Point of contact     | Client-side and tester-side emergency contacts           |
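The scope, exclusions and testing-window items above (and the "clearly defined scope" and "rules of engagement" items in the pre-engagement list) are worth enforcing in code, not just on paper. The following is an added example, not part of the course material: a small scope guard that refuses a target outside the agreed CIDR ranges, inside an exclusion, or outside the permitted window. All RoE values in it are constructed placeholders.

```python
"""Scope guard driven by an engagement's Rules of Engagement (RoE).

Added example, not part of the course. The RoE values are constructed;
a real engagement would load them from the signed scope document.
"""
import ipaddress
from datetime import datetime, time

# Constructed RoE: in-scope ranges, explicit exclusions, permitted window.
ROE = {
    "in_scope": ["10.10.0.0/16", "192.0.2.0/24"],    # client-approved ranges
    "excluded": ["10.10.5.0/24", "192.0.2.10/32"],   # e.g. production DB, HR server
    "window": (time(9, 0), time(17, 0)),             # business hours only
    "weekdays": {0, 1, 2, 3, 4},                     # Monday=0 .. Friday=4
}


def in_any(addr, cidrs):
    """True if addr falls inside any of the given CIDR ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


def target_in_scope(addr, roe=ROE):
    """Exclusions win over inclusions: an excluded host is never in scope."""
    if in_any(addr, roe["excluded"]):
        return False
    return in_any(addr, roe["in_scope"])


def within_window(when_iso, roe=ROE):
    """True if the ISO-8601 timestamp lies inside the permitted testing window."""
    when = datetime.fromisoformat(when_iso)
    start, end = roe["window"]
    return when.weekday() in roe["weekdays"] and start <= when.time() < end


def check_target(addr, when_iso, roe=ROE):
    """Return (allowed, reason); any RoE violation blocks the action."""
    if not target_in_scope(addr, roe):
        return False, f"{addr} is out of scope or explicitly excluded"
    if not within_window(when_iso, roe):
        return False, f"{when_iso} is outside the agreed testing window"
    return True, "ok"


if __name__ == "__main__":
    now = "2024-03-12T10:30"  # constructed timestamp (a Tuesday morning)
    for host in ["10.10.3.7", "10.10.5.9", "203.0.113.4"]:
        print(host, check_target(host, now))
```

Wiring a check like this in front of every scanner or exploit invocation turns the RoE into an automatic stop rather than something a tester has to remember under time pressure.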

Relevant Laws

| Jurisdiction | Law                                                  |
|--------------|------------------------------------------------------|
| UK           | Computer Misuse Act 1990                             |
| US           | Computer Fraud and Abuse Act (CFAA)                  |
| EU           | Directive 2013/40/EU on attacks against info systems |
| Australia    | Criminal Code Act 1995, Part 10.7                    |

Remember: "I was just testing" is not a legal defence without written authorisation.


The Pentest Lifecycle

1. Scoping & Planning
   └──▶ 2. Reconnaissance
        └──▶ 3. Scanning & Enumeration
             └──▶ 4. Exploitation
                  └──▶ 5. Post-Exploitation
                       └──▶ 6. Reporting
                            └──▶ 7. Remediation & Retesting

Each phase builds on the previous one. This course dedicates a lesson to each major phase.


Essential Pentesting Platforms

| Platform   | Type         | Description                                  |
|------------|--------------|----------------------------------------------|
| Kali Linux | OS           | Debian-based distro with 600+ security tools |
| Parrot OS  | OS           | Security-focused distro, lighter than Kali   |
| HackTheBox | Lab          | Online platform with vulnerable machines     |
| TryHackMe  | Lab          | Guided learning paths with virtual rooms     |
| VulnHub    | Lab          | Downloadable vulnerable VMs                  |
| DVWA       | Practice app | Deliberately vulnerable web application      |

Certifications Roadmap

Beginner ──▶ CompTIA Security+ / CEH
             │
             ▼
Intermediate ──▶ eJPT / PNPT
                 │
                 ▼
Advanced ──▶ OSCP / OSWE / GPEN
             │
             ▼
Expert ──▶ OSCE3 / OSEE / GXPN

Summary

  • Penetration testing is the authorised simulation of real attacks to find vulnerabilities.
  • Tests can be black, grey, or white box depending on the information provided.
  • Industry methodologies include OWASP, PTES, OSSTMM, and NIST SP 800-115.
  • Legal authorisation and clearly defined rules of engagement are mandatory before any testing.
  • The pentest lifecycle flows from scoping through reconnaissance, scanning, exploitation, post-exploitation, and reporting.
  • Always operate within legal and ethical boundaries — never test without permission.