For a penetration testing activity to succeed, the whole flow needs to be mapped to a defined process.
There are also different types of approaches.
The following sections cover the most common approaches used in the testing phase.
In the black box approach, the tester is given no knowledge of the underlying infrastructure before performing the testing. This is like a shot in the dark and is usually how real-life attacks happen. The only drawback is the time constraint: attackers have a lot of time to plan and prepare their attack, but a tester does not, and this has a financial impact. The black box approach usually goes ...