CHAPTER 3: RECONNAISSANCE
The start of the test
Now that the preparatory work has been completed and the testing team knows the scope, authority and rules of engagement for the test, the real pen testing work begins. The first step in conducting a pen test is to get to know the target. The test requires knowledge of client networks, applications, physical facilities, equipment and the people that use, manage and oversee client systems. It must be remembered that a pen test is often much more than just a technical probe of a system or technology. The test may be multifaceted and also examine physical, procedural and administrative controls.
The pen tester will use several methods to gather information about the target organization. These information-gathering ...