These days everyone is worried about pentesting before releasing any application or hardware device, and everywhere a clearance from the security team is required. But do you know that it is not something that can be done in a day, and that it is not possible for a single professional to do everything? In my view, every professional has a different style of approach, which may lead them to discover exploits that others might not find.
As per my experience, below are the key steps to start from scratch:
Step 1: Before starting the penetration test you should know your target clearly, and your limits (the agreed scope) too; otherwise it may lead you into a problematic situation.
Step 2: Gather as much information about the target as you can, such as the version, supported plugins, sub-domains, other related links, known exploits for the running software, etc. The pen tester should also be well versed in the business logic behind the application.
Step 3: Now, depending on the requirement, proceed as follows:
- If the application is an internal application, you require two low-privilege and one high-privilege user accounts to perform your test; this is what we call whitebox pentesting.
- If your application is an external / critical application, you will likely go for blackbox or greybox pentesting, depending on the need of your company. Even in this case, if you want to test the functionality of the application or website end to end, you can ask for credentials.
Step 4: While performing the test, scan the application first just to get information about the target application; this may help you figure out the low-level functional findings. In my experience it helps with about 5% of the findings out of 100.
Step 5: Once you have everything ready, follow the OWASP Top 10 first, which is the standard for application pen-tests:
- A1:2017 - Injection
- A2:2017 - Broken Authentication
- A3:2017 - Sensitive Data Exposure
- A4:2017 - XML External Entities (XXE) (New)
- A5:2017 - Broken Access Control (Merged)
- A6:2017 - Security Misconfiguration
- A7:2017 - Cross-Site Scripting (XSS)
- A8:2017 - Insecure Deserialization (New, Community)
- A9:2017 - Using Components with Known Vulnerabilities
- A10:2017 - Insufficient Logging & Monitoring (New, Community)
Step 6: While performing the test, take appropriate screenshots, which you will use when writing the walkthrough / POC.
Step 7: Once the pentesting is complete, start preparing the report with complete information that you feel will enrich the developer's knowledge; the report should be self-explanatory.
Soon I'll publish the second level of pentesting steps.
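As an added example that is not part of the original post, here is a small Python check tying Step 2 (version information) to the OWASP categories of Step 5: it parses a constructed HTTP response and reports headers that disclose a version plus missing hardening headers. The header list and its mapping to A6/A7 are my own assumptions, not an OWASP standard.

```python
# Added example (not from the original post): flags version disclosure and
# missing hardening headers in a raw HTTP response, mapped to OWASP 2017 items.
import re

# Hardening headers expected on a web application, with the category a missing
# header is reported under (mapping is an assumption for this example).
EXPECTED_HEADERS = {
    "strict-transport-security": "A6:2017-Security Misconfiguration",
    "x-content-type-options": "A6:2017-Security Misconfiguration",
    "x-frame-options": "A6:2017-Security Misconfiguration",
    "content-security-policy": "A7:2017-Cross-Site Scripting (XSS)",
}
# Headers that commonly leak the product version (Step 2 information).
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

def parse_headers(raw):
    """Parse a raw HTTP response (status line + headers) into a dict, names lowercased."""
    headers = {}
    for line in raw.split("\r\n")[1:]:   # skip the status line
        if not line:                     # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def check_response(raw):
    """Return a list of (category, description) findings for a raw HTTP response."""
    headers = parse_headers(raw)
    findings = []
    for name in DISCLOSURE_HEADERS:
        value = headers.get(name)
        if value and VERSION_RE.search(value):
            findings.append(("A6:2017-Security Misconfiguration",
                             f"{name} header discloses a version: {value}"))
    for name, category in EXPECTED_HEADERS.items():
        if name not in headers:
            findings.append((category, f"missing {name} header"))
    return findings

# Constructed sample response, not captured from any real target.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.24\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n\r\n"
    "<html></html>"
)
```

Running `check_response(SAMPLE_RESPONSE)` on the sample yields two disclosure findings and three missing-header findings, each already labelled with the OWASP category to put in the report.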