Infrastructure
Infrastructure testing
- Simply it is a penetration testing (Pen Testing)
- A penetration test, known as a pentest or ethical hacking, is an authorized simulated cyberattack on a Networks or computer systems performed to evaluate the security of the system. it consists of 6 phases;
- Pre-Engagement Interactions
- During the Pre-Engagement phase, the penetration testers should work with your company to fully understand any risks.
- Reconnaissance or Open Source Intelligence (OSINT) Gathering
- Reconnaissance or Open Source Intelligence (OSINT) gathering is an important first step in penetration testing. A pentester works on gathering as much intelligence on your organization and the potential targets for exploit.
- Threat Modeling & Vulnerability Identification
- During the threat modeling and vulnerability identification phase, the tester identifies targets and maps the attack vectors.
- Exploitation
- With a map of all possible vulnerabilities and entry points, the pentester begins to test the exploits found within your network, applications, and data.
- Post-Exploitation, Risk Analysis & Recommendations
- After the exploitation phase is complete, the goal is to document the methods used to gain access to your organization’s valuable information. The penetration tester should be able to determine the value of the compromised systems and any value associated with the sensitive data captured.
- Reporting
- Reporting is often regarded as the most critical aspect of a pentest. It’s where you will obtain written recommendations from the penetration testing company and have an opportunity to review the findings from the report with the ethical hacker(s).