Web application security blueprints and checklists

When performing a penetration test on a system or network, a set of approved or recommended guidelines is used to ensure that the desired outcome is achieved. A penetration testing methodology usually consists of the following phases:

  1. Information gathering
  2. Scanning and reconnaissance
  3. Fingerprinting and enumeration
  4. Vulnerability assessment
  5. Exploit research and verification
  6. Reporting

Following such a checklist ensures that the penetration tester completes all tasks for a phase before moving on to the next. In this book, we started with the information-gathering phase and gradually moved on from there. The early chapters covered the early phases and taught you how to obtain sensitive details about a target, while the later chapters covered using the information found to gain access to a target using various methods.

In the next section, we will learn about the Open Web Application Security Project (OWASP) Top 10.
