Penetration testing (pentesting) is the practice of simulating real-world attacks against systems, networks, and applications — with explicit authorisation — to identify vulnerabilities before malicious actors do. This lesson covers the fundamentals: what pentesting is, the different types, industry-standard methodologies, and the critical legal and ethical framework you must follow.
Important: Every technique in this course must only be used on systems you own or have written permission to test. Unauthorised access to computer systems is a criminal offence in virtually every jurisdiction.
A penetration test is a controlled, authorised attempt to exploit vulnerabilities in a target system. The goal is to:
| Aspect | Vulnerability Scan | Penetration Test |
|---|---|---|
| Automation | Fully automated | Manual + automated |
| Depth | Surface-level | Deep exploitation |
| False positives | Common | Verified by exploitation |
| Risk demonstration | Theoretical | Proven impact |
| Frequency | Weekly/monthly | Quarterly/annually |
| Skill required | Low–medium | High |

| | Black Box | Grey Box | White Box |
|---|---|---|---|
| Knowledge | No internal knowledge | Partial knowledge (some creds, limited docs) | Full access to source, architecture, credentials |
| Simulates | An external attacker | An insider or partner | An insider with full access |

| Type | Knowledge Given | Simulates | Time Required |
|---|---|---|---|
| Black box | None | External attacker | Longest |
| Grey box | Partial (e.g. user creds) | Insider / partner | Medium |
| White box | Full (source code, diagrams) | Trusted insider | Shortest |
The Open Web Application Security Project provides a comprehensive testing guide focused on web applications:
```mermaid
graph TD
    A["1. Pre-engagement"] --> B["2. Intel Gathering"]
    B --> C["3. Threat Modelling"]
    C --> D["4. Vuln Analysis"]
    D --> E["5. Exploitation"]
    E --> F["6. Post-Exploitation"]
    F --> G["7. Reporting"]
```
Seven phases: Pre-engagement Interactions, Intelligence Gathering, Threat Modelling, Vulnerability Analysis, Exploitation, Post-Exploitation, Reporting.
Before any testing begins, you must have:
| Item | Description |
|---|---|
| Scope | IP ranges, domains, applications in scope |
| Exclusions | Systems/networks explicitly excluded |
| Testing window | Permitted hours/days (e.g. business hours only) |
| Allowed techniques | Social engineering, DoS testing, physical access? |
| Notification | Will defenders (SOC/blue team) be informed? |
| Data handling | Encryption, storage, deletion timeline |
| Escalation procedure | Steps if critical vulnerability or system crash occurs |
| Point of contact | Client-side and tester-side emergency contacts |

| Jurisdiction | Law |
|---|---|
| UK | Computer Misuse Act 1990 |
| US | Computer Fraud and Abuse Act (CFAA) |
| EU | Directive 2013/40/EU on attacks against info systems |
| Australia | Criminal Code Act 1995, Part 10.7 |
Remember: "I was just testing" is not a legal defence without written authorisation.
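One way to enforce the scope, exclusions and testing-window items from the rules-of-engagement table before any tool touches a host, as an added example that is not part of the original lesson. The class name, field names and the sample ranges (RFC 5737 documentation addresses) are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class RulesOfEngagement:  # hypothetical name, not from the lesson
    scope: tuple             # CIDR ranges the client authorised in writing
    exclusions: tuple        # ranges carved out of scope; these always win
    window_start: time       # permitted testing window (local time)
    window_end: time
    allowed_days: frozenset  # 0 = Monday ... 6 = Sunday

    def check(self, target: str, when: datetime) -> tuple:
        """Return (allowed, reason) for touching `target` at `when`."""
        try:
            addr = ip_address(target)
        except ValueError:
            # Hostnames must be resolved and each address checked separately.
            return False, "not an IP address; resolve and re-check"
        # Exclusions are evaluated first so an excluded host inside an
        # in-scope range is still refused.
        if any(addr in ip_network(n) for n in self.exclusions):
            return False, "explicitly excluded"
        if not any(addr in ip_network(n) for n in self.scope):
            return False, "outside agreed scope"
        if when.weekday() not in self.allowed_days:
            return False, "outside permitted days"
        if not (self.window_start <= when.time() < self.window_end):
            return False, "outside testing window"
        return True, "in scope and in window"


# Constructed sample engagement: weekdays, business hours only.
ROE = RulesOfEngagement(
    scope=("192.0.2.0/24", "198.51.100.0/25"),
    exclusions=("192.0.2.10/32",),
    window_start=time(9, 0), window_end=time(17, 0),
    allowed_days=frozenset({0, 1, 2, 3, 4}),
)

if __name__ == "__main__":
    tuesday_10am = datetime(2024, 1, 9, 10, 0)
    for host in ("192.0.2.20", "192.0.2.10", "203.0.113.5"):
        print(host, ROE.check(host, tuesday_10am))
```

Logging each refusal alongside the engagement reference gives the tester a record that out-of-scope systems were never touched.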
```mermaid
graph TD
    A["1. Scoping & Planning"] --> B["2. Reconnaissance"]
    B --> C["3. Scanning & Enumeration"]
    C --> D["4. Exploitation"]
    D --> E["5. Post-Exploitation"]
    E --> F["6. Reporting"]
    F --> G["7. Remediation & Retesting"]
```
Each phase builds on the previous one. This course dedicates a lesson to each major phase.
| Platform | Type | Description |
|---|---|---|
| Kali Linux | OS | Debian-based distro with 600+ security tools |
| Parrot OS | OS | Security-focused distro, lighter than Kali |
| HackTheBox | Lab | Online platform with vulnerable machines |
| TryHackMe | Lab | Guided learning paths with virtual rooms |
| VulnHub | Lab | Downloadable vulnerable VMs |
| DVWA | Practice app | Deliberately vulnerable web application |
```mermaid
graph TD
    A["Beginner: CompTIA Security+ / CEH"] --> B["Intermediate: eJPT / PNPT"]
    B --> C["Advanced: OSCP / OSWE / GPEN"]
    C --> D["Expert: OSCE3 / OSEE / GXPN"]
```