Introduction

Penetration Testing is the organized, targeted, and authorized process where we are allowed to perform actions against an IT infrastructure to detect vulnerabilities and security breaches in the system.

In contrast to vulnerability or security assessments, which are performed using purely automated tools, penetration tests can be done using any accessible tool, whether manual or automated.

It is also different from Bug Bounty, as in this last one, we just want to find punctual vulnerabilities, while in Pentest, the usual objective is to compromise the whole server or even the network.

The scope of the assessment must be defined from the kick-off. This scope can define network boundaries, assets we can interact with, tools and actions forbidden during the assessment, and other legal limitations.

The most important thing is that we must stay within this scope in any action we perform, and also, all of this must be documented and written explicitly before proceeding.

Last updated