Get to Know Penetration Testing

Learning Objectives

After completing this unit, you’ll be able to:

  • Define penetration testing terms.
  • Explain the purpose of penetration testing.
  • List the phases of penetration testing.
  • Identify the different approaches to penetration testing.
Note

Before diving into penetration testing, you should have a basic understanding of vulnerability scanning, common vulnerabilities, and security testing. We recommend that you first complete the Get Started with Vulnerability Assessment trail before you begin this module.

Penetration Testing Glossary

As a penetration tester, you are responsible for stamping out security weaknesses in an organization’s systems. Let’s take a look at some terminology before we dig deeper. 

Term Definition

Penetration testing

A method of security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security controls of an application, system, or network

Network discovery

The process of discovering which hosts on a network are active, which services they expose, and how the network is laid out, so that later testing can be targeted

Port scanner

A program that remotely determines which TCP or UDP ports on a system are open (a service is listening and accepts connections), closed (the system actively refuses the connection), or filtered (a firewall silently drops the probe)

Rules of engagement (ROE)

The detailed guidelines and constraints regarding the execution of penetration testing

Target

An application, business process, IT infrastructure, environment, or system that the tester attempts to penetrate

Vulnerability

A weakness in an information system, its security procedures, internal controls, or implementation that a threat could exploit

Exploit

A piece of code the penetration tester uses to take advantage of a vulnerability in the target system

Enumeration

The process of actively querying specific systems to gather as much information as possible about potential entry points, such as user accounts, shares, service versions, and configuration details; each candidate entry point is then verified or disproved during the exploitation phase

Attack vector

A path or means by which an attacker can gain access to a computer or network server in order to deliver a payload

Payload

The component of an attack that is delivered and run on the target once a vulnerability has been exploited; it is the part that actually compromises the confidentiality, integrity, or availability of the system, for example by opening a shell or exfiltrating data

Shell

A command interpreter through which a tester can run commands on a compromised system; in practice this is usually obtained via a web shell (a script uploaded to a server), a bind shell (the target listens for the tester), or a reverse shell (the target connects back to the tester)
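The glossary defines a port scanner and enumeration in words; the following Python script, added here as an example and not part of the original module, shows both in working code. It performs a TCP connect scan (the operating system completes the full three-way handshake, so no raw-socket privileges are needed) and then grabs the banner of each open service. So that it runs offline, it starts a constructed stand-in service on 127.0.0.1 that answers with a made-up banner, and reserves a second port that is bound but never listened on, so connections to it are refused. Both the service and its banner string are assumptions for the demonstration, not real services.

```python
"""TCP connect scan plus banner grab (added example, not from the module)."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from typing import Iterable, List, Optional


def tcp_connect_scan(host: str, ports: Iterable[int],
                     timeout: float = 0.5, workers: int = 32) -> List[int]:
    """Return, sorted, the ports on `host` that complete a TCP handshake.

    A refused connection (RST) means the port is closed. A timeout usually
    means a firewall is silently dropping the probe ("filtered"); both cases
    are reported as "not open" here.
    """
    def probe(port: int) -> Optional[int]:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:          # ConnectionRefusedError and timeouts
                return None
            return port

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(p for p in pool.map(probe, list(ports)) if p is not None)


def grab_banner(host: str, port: int, timeout: float = 1.0) -> str:
    """Enumeration step: record what an open service announces on connect."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            return s.recv(256).decode("ascii", errors="replace").strip()
        except socket.timeout:
            return ""                # service waits for the client to speak first


class ConstructedService:
    """Constructed stand-in target that answers every connection with a banner.

    It exists only so the example runs offline; the banner is made up.
    """

    def __init__(self, banner: bytes = b"SSH-2.0-ConstructedDemo_1.0\r\n"):
        self.banner = banner
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free one
        self._sock.listen(5)
        self._sock.settimeout(0.2)          # lets the accept loop notice stop
        self.port = self._sock.getsockname()[1]
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self) -> None:
        while not self._stop.is_set():
            try:
                conn, _ = self._sock.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(self.banner)

    def close(self) -> None:
        self._stop.set()
        self._thread.join()
        self._sock.close()


def demo() -> dict:
    """Scan one constructed open port and one deliberately closed port."""
    service = ConstructedService()
    # Bind (but never listen on) a second port: connects to it are refused.
    closed = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    closed.bind(("127.0.0.1", 0))
    closed_port = closed.getsockname()[1]
    try:
        open_ports = tcp_connect_scan("127.0.0.1", [service.port, closed_port])
        banners = {p: grab_banner("127.0.0.1", p) for p in open_ports}
    finally:
        closed.close()
        service.close()
    return {"open_port": service.port, "closed_port": closed_port,
            "open_ports": open_ports, "banners": banners}


if __name__ == "__main__":
    result = demo()
    for port in result["open_ports"]:
        print(f"{port}/tcp open  banner={result['banners'][port]!r}")
```

A connect scan is the noisiest scan type: every probe shows up in the target's connection logs, which is exactly why a detection team should expect to see it. Against a real target you would never run this outside the agreed rules of engagement; the banner you collect here is the kind of enumeration detail that feeds the attack phase.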

Goals and Benefits of Penetration Testing

As a penetration tester, you’re responsible for being an expert in real-world threats, attack paths, and vulnerabilities. You assess an organization’s resilience to real-world attacks and produce reports that help the organization better protect itself. Penetration testing is a great tool to help organizations secure their infrastructure, networks, applications, systems, and data. 

Penetration testing can also help organizations better understand where to focus their limited time and resources in mitigating threats. For example, an organization could be trying to decide whether to make a security investment to increase staff for the organization’s security operations center, or to implement two-factor authentication for all network logins. 

Pinpointing where the most critical vulnerabilities lie, through penetration testing, can help organizations make better and more informed decisions. Penetration testing can help paint a picture of holistic cyber risk by pointing out how a weakness in one business system can lead to a breach in other connected technologies. 

Penetration Testing Phases

In conducting penetration testing, you typically follow four phases. 

Phase Definition

Plan

Covers all preengagement activities in preparation for an upcoming penetration test

Discover

Begins testing and involves information gathering and scanning for vulnerabilities

Attack

Verifies previously identified vulnerabilities through exploitation

Report

Runs alongside the other phases, since evidence is collected throughout; consists of documenting the ROE, the steps taken during the test, and the results, including recommended remediation

A person surrounded by the listed phases of penetration testing: Plan (a brain), Discover (a magnifying glass), Attack (an arrow penetrating a circle), and Report (a document)

Types of Penetration Testers

In general, there are three types of penetration testers. We review each type but spend most of our time focused on the ethical hacker. 

Malicious Hacker

Erika is a malicious hacker targeting a stock trading and investment application. She attempts to gain unauthorized entry into the application to exploit it for malicious reasons. She does not have permission or authority to perform these actions. She tries to inflict damage by compromising the security systems that monitor the application, altering the function of the application, or shutting down the application entirely. She does so to steal or gain access to passwords, financial information, and other personal data. 

Gray Hat

As in life, there are gray areas. Gray hat hackers are a blend of both malicious hacker and ethical hacker activities. Often, gray hat hackers look for vulnerabilities in a system without the owner’s permission or knowledge. If issues are found, they report them to the owner, sometimes requesting a small fee to fix the issue. If the owner does not respond or comply, then sometimes the hackers post the newly found exploit online for the world to see. 

Derek is a gray hat hacker targeting a cybersecurity company. He’s decided to target this company because it was the source of a breach in the past, and he wants to test how well the company is now protecting its customers, as part of his own research. He tries to exploit the company’s systems in a similar way to Erika, but without malicious intent. Derek discloses any loopholes and vulnerabilities he finds to the company. Derek likes to surf the net and hack into computer systems to notify the owners that their system contains one or more vulnerabilities that must be fixed immediately. 

Ethical Hacker

Melonia is an ethical hacker, who works with a nonprofit organization to strengthen the security of their systems. She has permission to engage with the organization’s systems and to compromise them within the prescribed ROEs. Melonia specializes in penetration testing tools, techniques, and methodologies, and enjoys helping to secure the organization's information systems. She exploits the organization’s network and systems, and looks for vulnerabilities and ways to exploit them, but only when she is legally permitted to do so. She always discloses each vulnerability she finds. 

Penetration Test Style

There are three different styles you can use to conduct a penetration test: black box, gray box, and white box. Let’s cover these in more detail. 

Black Box

In a black box test, you conduct the assessment with no prior knowledge of the target environment. You may have high-level data such as the company or organization’s name, but no other relevant information. In this type of test, you do not perform any code examination in internal environments. A black-box penetration test determines the vulnerabilities in a system that are exploitable from outside the network. 

Gray Box

In a gray box penetration test, also known as a translucent box test, you have only limited information about the target. Usually this takes the form of login credentials, and sometimes architecture documentation. Gray box testing is useful for understanding the level of access a user with legitimate but limited privileges, or an attacker who has already obtained such a foothold, could gain and the damage they could cause.

White Box

In a white box test, you have full knowledge of the target environment, including the systems, networks, operating systems, IP addresses, source code, and more. Having this knowledge reduces the cost and duration of the test, because no reconnaissance is needed to ascertain target information. This type of test simulates an internal attack, or an attacker who has already gained deep access. The purpose of white box testing is to identify potential weaknesses in areas such as logical vulnerabilities, potential security exposures, security misconfigurations, poorly written code, and a lack of defensive measures.

Penetration Testing Methodologies

As a penetration tester, you should be familiar with the different methodologies you can use to perform penetration tests. Let’s take a closer look.

Penetration Testing Execution Standard (PTES) 

A team of information security practitioners developed this penetration testing method with the aim of addressing the need for a complete and up-to-date standard in penetration testing. In addition to guiding security professionals, it also attempts to inform businesses about what they should expect from a penetration test and guides them in scoping and negotiating successful projects. The process is organized into seven sections: preengagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting.

Open-Source Security Testing Methodology Manual (OSSTMM)

This is a complete methodology for the testing, analysis, and measurement of operational security toward building the best possible security defenses. It’s a peer-reviewed methodology for security testing, maintained by the Institute for Security and Open Methodologies (ISECOM). It provides guidance on how to test the operational security of five channels (Human Security, Physical Security, Wireless Communications, Telecommunications, and Data Networks) so that organizations can understand the full extent of their security and determine how well their security processes actually function.

Information System Security Assessment Framework (ISSAF) 

This is a structured and specialized approach to penetration testing that enables a tester to meticulously plan and document every step of the penetration testing procedure, from planning and assessment to reporting and destroying artifacts. For each vulnerable area of your system, ISSAF offers some complementary information, various vectors of attack, as well as possible results when the penetration tester exploits the vulnerability.

These are just a few examples of methodologies to keep in mind. Others include the National Institute of Standards and Technology (NIST) guidelines in SP 800-115, Technical Guide to Information Security Testing and Assessment, and the Open Web Application Security Project (OWASP) Web Security Testing Guide. 

Sum It Up

Now you understand more about penetration testing terms, goals, and methodologies. In the next unit, you learn more about the responsibilities and qualifications of a penetration tester, and discover the skills that help penetration testers succeed. 
