CHAPTER 3: RECONNAISSANCE
The start of the test
Now that the preparatory work has been completed and the testing team knows the scope, authority and rules of engagement for the test, the real pen testing work begins. The first step in conducting a pen test is to get to know the target. The test requires knowledge of client networks, applications, physical facilities, equipment and the people that use, manage and oversee client systems. It must be remembered that a pen test is often much more than just a technical probe of a system or technology. The test may be multifaceted and also examine physical, procedural and administrative controls.
The pen tester will use several methods to gather information about the target organization. These information-gathering ...
Get Penetration Testing: Protecting Networks and Systems now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.