February 12, 2020

 Penetration Testing Plan

A penetration testing plan should be laid out systematically so that the company can detect all of its vulnerabilities at once without running into issues later. The procedure for the penetration testing plan is as follows:

  • Search for expert red team workers who are well known for detailed and expert penetration testing.
  • Negotiate the deal and create a contract that binds the team to keep the final findings secret even after the contract ends.
  • Start the penetration test by first examining the provided risk assessment report.
  • Initiate external attacks first and breach the network through external intrusion in the form of malware and Trojans.
  • Initiate DoS and DDoS attacks on the network.
  • Initiate a zero-day attack on the network.
  • After completing the external attacks, start the internal attacks through social engineering and phishing. For this, target random workers in random regions with social engineering and spam emails.
  • If the social engineering or phishing attack succeeds, initiate attacks such as ARP poisoning or IP and MAC spoofing and examine internal security.
  • If entry into the network succeeds, check the security of the VPN by trying to decrypt the information packets.
  • Test the security of routers and switches by examining their alarms, empty ports, and other malware-forwarding possibilities.
  • Attempt to access databases and exploit access controls.
  • Create a final report on the findings.
