Penetration Testing and Vulnerability Assessment
Penetration Testing and Attack Methods Overview
• Network Vulnerability Testing
• Web Vulnerability Testing
• Wireless War Driving / Walking
• Phone Network Testing
• Social Engineering Testing
• Walk-throughs and Dumpster Diving
• Physical Security Auditing
Goals and Objective
Vulnerability Assessment Road Map
• Asset Discovery: Detect endpoints, network devices, etc.
• Vulnerability Scanning: Finding vulnerabilities using tools
• Vulnerability Assessment: Analyzing the impact and prioritizing
• Vulnerability Remediation: Deploying patches and fixing vulnerabilities
• Report: Producing report and analysis
Penetration Testing Road Map
01 Planning and reconnaissance: Test goals are defined and intelligence is gathered
02 Scanning: Scanning tools are used to understand how a target responds to intrusions
03 Gaining Access: Web application attacks are staged to uncover a target's vulnerability
04 Maintaining access: APTs are imitated to see if a vulnerability can be used to maintain access
05 Analysis and WAF Configuration: Results are used to configure WAF settings before testing is run again
Sources of Vulnerabilities
• Programming errors
• Unintentional mistakes or intentional malware in General Public License software
• Improper system configurations
• Mobile users sidestepping perimeter security controls
• Rising attacks through viewing popular websites
• Misconfiguration during setup
• Forgetting to remove confidential files
• Unpatched plugins and updates
VULNERABILITY TESTING AND EXPLOITATION
Purpose: To check hosts for known vulnerabilities and to see if they are exploitable, as well as to assess the potential severity of said vulnerabilities.
Methods:
• Remote vulnerability scanning (Nessus, OpenVAS)
• Active exploitation testing
• Login checking and brute forcing
• Vulnerability exploitation (Metasploit, Core Impact)
• Zero day and exploit discovery (Fuzzing, program analysis)
• Post exploitation techniques to assess severity (permission levels, backdoors, rootkits, etc.)
REPORTING
Purpose: To organize and document information found during the reconnaissance, network scanning, and vulnerability testing phases of a penetration test.
Methods:
• Documentation using collected data during scanning and validation
  o Organizes information by hosts, services, identified hazards and risks, recommendations to fix problems
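An added example, not part of the original slides: one way to organize findings from scanning and validation into the report structure described above (host, service, hazard, risk, recommendation), ranked with the CVSS v3 qualitative severity bands. The findings, field names and host addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample findings (not real scan output). Hosts use the RFC 5737
# documentation range; field names are assumptions for this example.
FINDINGS = [
    {"host": "192.0.2.10", "service": "443/tcp https", "hazard": "Outdated CMS plugin",
     "cvss": 8.1, "validated": True, "fix": "Update the plugin to a supported release"},
    {"host": "192.0.2.10", "service": "22/tcp ssh", "hazard": "Password login enabled",
     "cvss": 5.3, "validated": False, "fix": "Require key-based authentication"},
    {"host": "192.0.2.20", "service": "3306/tcp mysql", "hazard": "Database exposed to all networks",
     "cvss": 9.1, "validated": True, "fix": "Restrict access to the application subnet"},
    {"host": "192.0.2.20", "service": "80/tcp http", "hazard": "Backup file left in web root",
     "cvss": 3.7, "validated": True, "fix": "Remove the file and review deployment steps"},
]

def severity(score):
    """Map a CVSS v3 base score to its qualitative rating."""
    for floor, label in ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")):
        if score >= floor:
            return label
    return "None"

def build_report(findings):
    """Group findings per host; riskiest host first, riskiest finding first."""
    by_host = defaultdict(list)
    for f in findings:
        by_host[f["host"]].append({
            "service": f["service"], "hazard": f["hazard"], "cvss": f["cvss"],
            "risk": severity(f["cvss"]),
            "status": "validated" if f["validated"] else "unconfirmed",
            "recommendation": f["fix"]})
    report = []
    for host, entries in by_host.items():
        entries.sort(key=lambda e: e["cvss"], reverse=True)
        report.append({"host": host, "max_cvss": entries[0]["cvss"], "findings": entries})
    return sorted(report, key=lambda h: h["max_cvss"], reverse=True)

def render(report):
    """Render the report as plain text, one block per host."""
    lines = []
    for h in report:
        lines.append(f"Host {h['host']} (highest risk: {severity(h['max_cvss'])})")
        for e in h["findings"]:
            lines.append(f"  [{e['risk']}] {e['service']}: {e['hazard']} ({e['status']})")
            lines.append(f"      Fix: {e['recommendation']}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(build_report(FINDINGS)))
```

Findings marked "unconfirmed" were reported by a scanner but not validated, so the report keeps them visible without presenting them as proven.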
