In the previous chapters, you got a solid introduction to pen testing, operating systems and networks, and cryptography. Now we’ll outline the methodology you’ll use to conduct your penetration test. Typically, the process kicks off with some planning, such as determining why the test is necessary and choosing the type of test. Once this planning is completed, you’ll get permission in written form, and the test can then proceed; it usually starts with gathering information that can be used for later network scanning and more aggressive actions. Once all the penetration testing is complete and information about vulnerabilities and exploits has been obtained, you create a risk mitigation plan (RMP). ...