7 Steps of Penetration Testing

Suppose your organisation or technology hasn't gone through penetration or security testing before. In that case, you may not know what to expect. Whether you have or have not undergone penetration testing in the past, you are maybe wondering what Hedgehog Security's methodology and stages of penetration testing are. This short article will help you understand that. Knowing what to expect enables you to reap the benefits of the testing.

At Hedgehog Security, there are seven stages of penetration testing. Let us discuss each one so that you and your organisation can prepare for a penetration test.

The 7 Steps and Phases of Penetration Testing

The Hedgehog Security penetration test checklist includes the following 7 phases of penetration testing:

1. Information Gathering
2. Reconnaissance
3. Discovery and Scanning
4. Vulnerability Assessment
5. Exploitation
6. Final Analysis and Review
7. Utilise the Testing Results

1. Information Gathering

The first stage in the seven stages of penetration testing is information gathering. The tested organisation provides the penetration tester with general information about the in-scope targets. The data can range from IP addresses, hostnames and application details down to simply the company name. The supplied data will depend mainly on the perspective of the penetration test and the amount of time the client wishes to be spent testing. From a tester's point of view, the more information the client provides, the better, as it reduces the time needed for reconnaissance and increases the time spent testing.

2. Reconnaissance

Hedgehog uses the information gathered to collect additional details from publicly accessible sources. These sources may be open-source intelligence (OSINT) sources or material hidden away deeper on the internet.

The reconnaissance stage is essential to a successful penetration test because it allows penetration testers to identify additional information that was overlooked, previously unknown, or not provided. This step is beneficial in internal and external network penetration testing; however, we don't typically perform this reconnaissance in web, IoT, VPN/Remote Working, API, or mobile application penetration testing.

3. Discovery and Scanning

The information gathered in the reconnaissance phase is used to perform discovery activities that determine, for example, the ports and services available on targeted hosts or the subdomains available for web applications. During this phase, we start to map a visual representation of your technology deployment and identify weaknesses in configurations. Depending on the scope of the penetration test, we may attempt limited brute-forcing of login services using usernames enumerated in the reconnaissance and information gathering phases.

4. Vulnerability Assessment

A vulnerability assessment establishes initial knowledge of the environment and identifies potential security weaknesses or misconfigurations that could allow an outside attacker to access the tested environment or technology. A vulnerability assessment is part of every penetration test and is a crucial stage in the process, but it is never a replacement for a penetration test. At Hedgehog, we use several commercial-grade vulnerability scanners together with our own scanning solution, Condr.

One part of the vulnerability assessment phase that is unique to Hedgehog is the manual assessment for vulnerabilities. Using multiple vulnerability scanners allows us to ensure an excellent level of coverage of vulnerability signatures. All vulnerabilities are assessed and scored using the Common Vulnerability Scoring System (CVSS) version 3.1 to ensure consistency.

5. Exploitation

Exploitation is where the action happens, the phase that looks to many like the "Hollywood" moment! It is the single largest consumer of testing time, and it is where every penetration tester wishes they could spend 100% of their time.

In the exploitation phase our team interprets the results from the vulnerability assessment and collates the data from all the previous stages to identify exploitation pathways. Our expert penetration testers then use several manual techniques and human intuition to validate, attack and exploit those vulnerabilities. It is not uncommon for our pentesters to spend time researching potential vulnerabilities and creating new, never-before-seen exploits. This kind of exploit is commonly called a zero-day. Over the years, we have authored well over 100 zero-day exploits, which have then been shared with the system or software vendor to enable them to fix the issue.

The overall goal is to gain access to sensitive information or to get a foothold on systems from which to pivot. Where system access is obtained, there is a lot of work involved in establishing a level of persistence and elevating privileges so that the entire system's permissions can be assessed. At this point, we often start to identify internal process weaknesses such as weak passwords, incorrect security configurations, and inadequate patching regimes.

The "giant loop" starts when access is achieved: the accessed system is fed back into Phase 3. The loop continues for as long as new systems are compromised or the testing window remains open.

6. Final Analysis and Review

When you work with Hedgehog on security testing, we deliver our findings continuously through our interactive testing portal. You download your final report in PDF and XLS formats from this portal.

This comprehensive report includes narratives of the testing, describing how we found vulnerabilities and exploited them. The report also contains details of the scope, the testing methodologies, in-depth details of the findings, and recommendations for remediation. We also include details of where findings will cause issues against standards such as Cyber Essentials, PCI-DSS and ISO27001.

7. Utilise the Results of your Penetration Test

The final stage of the seven stages of penetration testing is the most important. It is best to use the findings to create a risk-led remediation programme. You should rank vulnerabilities, analyse the potential impact of the vulnerabilities found, determine remediation strategies, and inform decision-making moving forward.

The Hedgehog security testing methodology is unique and efficient. It does not rely on a static checklist and standard techniques and assessment methods built into "automated" pentesting software. It relies heavily on the experience and the skills of your penetration tester. Effective penetration testing requires a diligent effort to find enterprise weaknesses, just like a malicious individual would. We've developed these seven stages of penetration testing because we've proven that they prepare organisations for attacks and fix areas of vulnerability.

Contact us today if you want to avoid the consequences of compromised technology while working with an expert ethical hacker.



Hedgehog Security places great emphasis on the quality, reliability, and security of the services it offers. We are fully regulated by CREST, the Council for Registered Ethical Security Testers, and are authorised to deliver Cyber Security Consulting along with Penetration Testing, Vulnerability Scanning and IT Health Checks.
