Short Notes on Penetration Testing Methodologies

There are many flavors to run a pen test across platforms but this would be the best way to approach it; step by step. This is basically cherry picked steps from SANS.

For Web applications:
1. Recon
2. Mapping
3. Exploitation
4. Post-Exploitation
5. Reporting

Mobile Device pentesting:
1. Recon
2. Scanning
3. Exploitation
4. Post-Exploitation

Exploit Development
1. Recon
2. Scanning
3. Exploitation
4. Post-Exploitation
5. Notable Techniques

Network Penetration Testing
1. Recon
2. Scanning
3. Exploitation
4. Post-Exploitation
5. Reporting

Wireless Penetration Testing
1. Recon
2. Scanning
3. Exploitation
4. Post-Exploitation
5. Reporting

Any further notes or queries, feel free to post :)



Comments