Be the first to like this
Aim of penetration testing (pen-testing) is to break into an application while closely approximating an attacker’s behavior. Typical approaches that rely heavily on the usage of security tools produce only tool-based results, and may limit the effectiveness.
In order to closely approximate an attacker’s tactics, more of a mental shift, knowledge about the application, and motivation are required. This paper tries to bridge that gap, and aims to discuss
advanced and sophisticated steps to make the pen-testing effort more effective, and optimize the skills of the pen-tester and the tools.
Starting with planning, recon, deciding the attack surface, tool selection, and final closure, advanced penetration testing will take your understanding about the application to a different level. Overall,
these steps will assist in reasonable assessment of the security posture of an application.