While penetration testing is interesting, we cannot attack a target without a battle plan. Planning ensures that a penetration test follows a sequential order of steps to achieve the desired outcome, which is identifying vulnerabilities. Each phase outlines and describes what is required before moving on to the next one. This ensures that all details about the work and the target are gathered efficiently and that the penetration tester has a clear understanding of the task ahead.
The following are the different phases in penetration testing:
- Pre-engagement
- Information gathering
- Threat modeling
- Vulnerability analysis
- Exploitation
- Post-exploitation
- Report writing
Each of these phases will be covered in more detail in the following sections.