The Pentesting Guide

Introduction

On this website, you will find a guide and methodology that you can follow to perform a penetration test.

What is a penetration test?

A penetration test is an authorised, simulated cyberattack against your computer systems that evaluates their security at a given point in time. It identifies and exploits the vulnerabilities that attackers could exploit, in order to demonstrate the business impact of those weaknesses.

What is not a penetration test?

A penetration test is not:

  • A vulnerability assessment: The process of identifying, quantifying, and prioritising (or ranking) the vulnerabilities in a system.

  • Red Teaming: The process of demonstrating how an organisation would face a real attack against its networks, applications, physical security controls and employees.

  • Bug bounty program: Independent hackers are paid per vulnerability or bug found. Bounty programs usually run for the product’s lifetime, finding new vulnerabilities as the product changes.

How to proceed?

The image below is both a summary of what you will find on this site and the sequence of steps you should follow to perform a penetration test.

Guide Licence

This guide is licensed under Attribution-NonCommercial 4.0 International (CC BY-NC 4.0). You are free to:

  • Share: copy and redistribute the material in any medium or format.

  • Adapt: remix, transform, and build upon the material.

Under the following terms:

  • Attribution: You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.

  • NonCommercial: You may not use the material for commercial purposes.
