There are so many variants of the ISEB / ISTQB software testing techniques that from time to time I like to pick one and do a deep dive into it. For this post I thought I would highlight the overall purpose and high-level process of penetration testing.
Penetration testing is an authorized, simulated attack on a company's computer environment, including its network, that assesses how exposed the company is to a real security breach. The goal is to find and demonstrate the weak points that would let an external fraudster, a hacker, or even a former employee with leftover access get in, so that those gaps can be closed first. Companies' increasing reliance on their computer systems, coupled with the increasing sophistication of attackers, makes this type of testing critical today.
Like any testing, the first step in penetration testing is to develop a plan. You will need to define the objectives, the timeline and the testing boundaries: which systems and address ranges are in scope, which are explicitly off limits, and when testing may take place. Because the test involves deliberately attacking live systems, that scope and the rules of engagement should be agreed with the company in writing before anything is executed. An important part of the planning is trying to think like an attacker to identify plausible ways of gaining unauthorized access, which in turn lets the company focus on the specific controls that are supposed to block those access paths.
Once the planning process is complete, the penetration test can be executed. The company's financial health and reputation are on the line, so it is tempting to say that every possible scenario must be tested; in practice a penetration test is time-boxed and scoped, so the realistic aim is to cover the attack paths identified during planning and to concentrate on the controls that matter most, including the fraud prevention measures. Much of this is accomplished by using a variety of different methods to try to break into the network and the systems behind it, and the results show where the environment is weak and how far an attacker could get once inside.
The final step is to produce a report that describes each problem found, with the evidence needed to reproduce it, its severity, and what needs correcting, so the most serious issues are fixed first. Penetration testing should be repeated on a regular basis, and after any significant change to the environment, because the methods attackers use to gain unauthorized access to company systems are constantly evolving.
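To make the planning and reporting steps above concrete, here is a small Python helper of my own (an added example, not something from the original post or from any testing standard) that enforces the agreed testing boundaries before a target is touched and sanity-checks the findings before they go into the report. The address ranges, the excluded host, the overnight testing window and the three findings are all constructed for illustration; one finding is deliberately placed on the excluded host so the scope check has something to catch.

```python
"""Scope enforcement and findings triage for an authorized penetration test.

Added example, not code from the original post. All address ranges, the
testing window and the findings below are constructed for illustration.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from datetime import datetime, time


@dataclass
class Scope:
    """Rules of engagement agreed during planning.

    in_scope: CIDR ranges the client has authorized in writing.
    excluded: hosts or ranges that must never be touched (e.g. a fragile
              production database), even if they sit inside an in-scope range.
    window:   (start, end) local times of day during which testing may run.
    """
    in_scope: list[str]
    excluded: list[str]
    window: tuple[time, time]

    def __post_init__(self) -> None:
        self._allowed_nets = [ipaddress.ip_network(n, strict=False) for n in self.in_scope]
        self._excluded_nets = [ipaddress.ip_network(n, strict=False) for n in self.excluded]

    def contains(self, host: str) -> tuple[bool, str]:
        """Address check only: is this host inside the authorized boundary?"""
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            # Hostnames are refused rather than guessed at: resolve them first,
            # so the address that is actually attacked is the one being checked.
            return False, "not an IP literal; resolve before checking"
        if any(ip in net for net in self._excluded_nets):
            return False, "explicitly excluded"
        if not any(ip in net for net in self._allowed_nets):
            return False, "not in an authorized range"
        return True, "ok"

    def permits(self, host: str, when: datetime) -> tuple[bool, str]:
        """Full check: address must be in scope and the time inside the window."""
        ok, why = self.contains(host)
        if not ok:
            return ok, why
        start, end = self.window
        if not (start <= when.time() <= end):
            return False, "outside testing window"
        return True, "ok"


def filter_targets(scope: Scope, targets: list[str], when: datetime):
    """Split a target list into (allowed, refused); each entry is (host, reason)."""
    allowed, refused = [], []
    for host in targets:
        ok, why = scope.permits(host, when)
        (allowed if ok else refused).append((host, why))
    return allowed, refused


SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}


@dataclass
class Finding:
    host: str
    title: str
    severity: str
    evidence: str      # what was observed, so the client can reproduce it
    remediation: str   # what needs correcting


def scope_violations(scope: Scope, findings: list[Finding]) -> list[str]:
    """Hosts with findings that lie outside the authorized scope.

    A non-empty result means the test strayed past its boundaries; that has
    to be disclosed to the client, not quietly folded into the report.
    """
    return sorted({f.host for f in findings if not scope.contains(f.host)[0]})


def prioritized_report(findings: list[Finding]) -> list[Finding]:
    """Order findings for the report: most severe first, then by host."""
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity.lower()], f.host))


# Constructed rules of engagement for a fictional internal network.
LAB_SCOPE = Scope(
    in_scope=["10.0.1.0/24", "192.168.5.0/24"],
    excluded=["10.0.1.10/32"],            # production database: hands off
    window=(time(0, 0), time(6, 0)),      # overnight maintenance window
)
LAB_TARGETS = ["10.0.1.5", "10.0.1.10", "10.0.2.7", "192.168.5.20"]
LAB_WHEN = datetime(2024, 1, 15, 2, 30)       # inside the window
LAB_OFF_HOURS = datetime(2024, 1, 15, 14, 0)  # outside the window

# Constructed findings as an assessor might record them during execution.
LAB_FINDINGS = [
    Finding("10.0.1.5", "Default credentials on admin interface", "high",
            "Logged in with vendor default username/password", "Change credentials; enforce MFA"),
    Finding("192.168.5.20", "Unauthenticated file share with payroll data", "critical",
            "Share readable without credentials", "Require authentication; restrict by group"),
    Finding("10.0.1.10", "Outdated TLS configuration", "medium",
            "Server accepts TLS 1.0", "Disable TLS 1.0/1.1"),
]

if __name__ == "__main__":
    allowed, refused = filter_targets(LAB_SCOPE, LAB_TARGETS, LAB_WHEN)
    print("allowed:", allowed)
    print("refused:", refused)
    print("out-of-scope findings:", scope_violations(LAB_SCOPE, LAB_FINDINGS))
    for f in prioritized_report(LAB_FINDINGS):
        print(f"[{f.severity.upper():8}] {f.host}: {f.title}")
```

The exclusion list is checked before the allowed ranges on purpose: a single excluded address inside an otherwise in-scope /24 is the usual way a client carves out a system that must not be touched, and that carve-out has to win. Hostnames are refused rather than resolved inside the check so that the address the tools will actually hit is the one that was authorized.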
Filed Under: Software Testing