422.53 Penetration testing

Simulate real-world attacks to evaluate how software responds to exploitation attempts.

Overview

Penetration testing, or ethical hacking, is the process of simulating an attack on a system to find security weaknesses that malicious users could exploit. Unlike vulnerability assessments (which identify flaws), penetration tests go further—they actively exploit vulnerabilities in a controlled and legal way to measure risk and response.

Penetration testing is a critical step in securing high-risk systems. It reveals how an attacker might gain unauthorised access, extract data, or compromise functionality, and helps teams prioritise defence improvements.

Targets

In this topic, students learn to:

  • Define penetration testing and its role in secure software development

  • Distinguish between penetration testing and other security testing methods

  • Describe the phases of a penetration test

  • Identify tools and methods used in simulated attacks

Syllabus references

Secure software architecture

Developing secure code

  • Apply and evaluate strategies used by software developers to manage the security of programming code, including – penetration testing

How does penetration testing work?

A penetration test typically follows these stages:

1. Planning and reconnaissance

  • Define scope and rules of engagement (what is tested and what’s off-limits)

  • Gather information about the target system (e.g. open ports, DNS, IP ranges)

2. Scanning

  • Use tools to map the system’s structure

  • Identify running services, exposed APIs, outdated software, etc.

3. Exploitation

  • Attempt to exploit identified vulnerabilities

  • Escalate privileges, inject malicious code, or hijack sessions

4. Post-exploitation

  • Evaluate what an attacker could do after gaining access

  • Test for data exfiltration, lateral movement, or persistence

5. Reporting

  • Document each step and its result

  • Provide severity ratings, risk assessments, and remediation advice
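The five stages above, carried into one small worked example. This script is added here and is not part of the original course material: it shows the planning-phase rules of engagement as data, a scope check that refuses to record anything about a host the client did not authorise, and the reporting phase as a likelihood-by-impact score that orders findings and attaches remediation advice. The networks, hosts and findings are constructed (documentation address ranges, not real systems), and the names (RULES_OF_ENGAGEMENT, in_scope, Finding, risk_score, severity, record_finding, ranked, render) and the 1 to 9 scoring scale are assumptions made for this illustration, not a standard.

```python
import ipaddress
from dataclasses import dataclass

# Rules of engagement agreed in the planning phase. All values are constructed
# for this example (documentation ranges, not real systems).
RULES_OF_ENGAGEMENT = {
    "in_scope": ["10.20.0.0/24", "192.0.2.10"],  # networks/hosts the client authorised
    "excluded": ["10.20.0.1"],                   # declared off-limits (e.g. a shared gateway)
}


def in_scope(target: str, roe: dict = RULES_OF_ENGAGEMENT) -> bool:
    """True only if target lies inside an authorised range and is not excluded."""
    addr = ipaddress.ip_address(target)
    nets = lambda key: (ipaddress.ip_network(n, strict=False) for n in roe[key])
    if any(addr in net for net in nets("excluded")):
        return False
    return any(addr in net for net in nets("in_scope"))


# Assumed three-level scale; score = likelihood x impact, giving 1..9.
LEVELS = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Finding:
    title: str
    host: str
    phase: str        # stage that produced it: scanning, exploitation, post-exploitation
    likelihood: str   # low / medium / high
    impact: str       # low / medium / high
    remediation: str


def risk_score(f: Finding) -> int:
    return LEVELS[f.likelihood] * LEVELS[f.impact]


def severity(score: int) -> str:
    """Map the 1..9 score onto the severity bands used in the report."""
    if score >= 6:
        return "Critical"
    if score >= 4:
        return "High"
    if score >= 2:
        return "Medium"
    return "Low"


def record_finding(report: list, f: Finding) -> None:
    """Refuse to keep evidence about hosts outside the agreed scope."""
    if not in_scope(f.host):
        raise ValueError(f"{f.host} is outside the rules of engagement; stop and notify the client")
    report.append(f)


def ranked(report: list) -> list:
    """Findings ordered highest risk first, as the reporting phase presents them."""
    return sorted(report, key=risk_score, reverse=True)


def render(report: list) -> str:
    """Plain-text report: one line per finding plus its phase and remediation."""
    lines = ["Finding".ljust(40) + "Host".ljust(14) + "Severity"]
    for f in ranked(report):
        score = risk_score(f)
        lines.append(f"{f.title:<40}{f.host:<14}{severity(score)} ({score})")
        lines.append(f"    Phase: {f.phase}. Remediation: {f.remediation}")
    return "\n".join(lines)


# Constructed sample findings for the example.
SAMPLE_FINDINGS = [
    Finding("Outdated TLS library on web server", "10.20.0.5", "scanning", "medium", "high",
            "Upgrade the library and add it to the patch schedule"),
    Finding("Verbose stack traces in error pages", "10.20.0.7", "scanning", "high", "low",
            "Return generic errors; log details server-side only"),
    Finding("Session cookie missing Secure flag", "192.0.2.10", "exploitation", "medium", "medium",
            "Set Secure and HttpOnly on the session cookie"),
]

if __name__ == "__main__":
    report = []
    for finding in SAMPLE_FINDINGS:
        record_finding(report, finding)
    print(render(report))
```

The scope check is the part most worth copying: a tester who records a result for 10.20.0.1 (excluded) or 203.0.113.7 (never in scope) gets an exception rather than a quietly larger report, which is exactly the control the rules of engagement exist to provide.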

Penetration testing tools

Common tools include:

  • Metasploit (exploit framework)

  • Burp Suite (web app testing)

  • OWASP ZAP (open-source DAST/pen testing)

  • Hydra (brute-force attacks)

  • SQLMap (SQL injection testing)

  • Wireshark (network analysis)

These tools are typically used by security professionals trained in ethical hacking, but simplified environments (e.g. Hack The Box, TryHackMe) provide safe learning platforms.

Pen testing vs other methods

Method              Approach              Focus
SAST                Static analysis       Code logic and structure
DAST                Dynamic test          Runtime behaviour (black-box)
Vulnerability scan  Passive scan          Known issues and weaknesses
Penetration test    Active exploitation   Real-world attack simulation
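The SAST and DAST rows of the table, made concrete with a deliberately flawed login function beside its parameterised fix. This example is added here and is not part of the original course material: the static check reads only the source text and flags SQL assembled from input, while the dynamic check treats each function as a black box and watches what happens at runtime when a non-password is supplied. A penetration test would take the same runtime observation further (what data is reachable, what else the access allows), which this script deliberately stops short of. The in-memory database, the account, the probe string and the regex heuristic are all constructed for the illustration; sast_flags, dast_flags and the other names are assumptions, not any real tool's rule.

```python
import inspect
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory test database holding one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    # Deliberately flawed: user input is pasted into the SQL text itself
    query = f"SELECT username FROM users WHERE username = '{username}' AND password = '{password}'"
    return conn.execute(query).fetchone() is not None


def login_hardened(conn, username: str, password: str) -> bool:
    # Parameterised query: input is bound as data and never parsed as SQL
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# SAST-style check: inspects source text only. Toy heuristic assumed for this
# example: a SELECT inside an f-string with a placeholder, or a SELECT string
# literal immediately followed by + or % (string building).
SQL_BUILT_FROM_INPUT = re.compile(
    r"""f["'].*?\bSELECT\b.*?\{|["'].*?\bSELECT\b.*?["']\s*[+%]""", re.IGNORECASE)


def sast_flags(source: str) -> bool:
    """True if the source text looks like it builds SQL out of program values."""
    return SQL_BUILT_FROM_INPUT.search(source) is not None


# DAST-style check: no access to source, only to behaviour. The probe is a
# constructed input that is never a valid password for the account.
TAUTOLOGY_PROBE = "' OR '1'='1"


def dast_flags(login) -> bool:
    """True if a non-password is accepted, i.e. runtime behaviour exposes the flaw."""
    return login(make_db(), "alice", TAUTOLOGY_PROBE)


def honest_login_still_works(login) -> bool:
    """Regression check that the hardened version did not break normal logins."""
    return login(make_db(), "alice", "correct-horse") and not login(make_db(), "alice", "wrong")


if __name__ == "__main__":
    for fn in (login_vulnerable, login_hardened):
        print(f"{fn.__name__}: SAST flags={sast_flags(inspect.getsource(fn))}, "
              f"DAST flags={dast_flags(fn)}, normal login ok={honest_login_still_works(fn)}")
```

Note what each method can and cannot see: the static check would flag the flawed function even if it were never deployed, but also misses any dynamic construction its regex does not anticipate; the dynamic check needs a running system and knows nothing about why the behaviour is wrong, only that it is. Keeping both checks in the test suite turns the fix into a guarded one rather than a one-off.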

  • Always conduct pen testing with written permission

  • Use safe, controlled environments to avoid disrupting services

  • Follow ethical guidelines and disclose findings responsibly

  • Coordinate with developers and stakeholders before and after testing

Summary

  • Penetration testing simulates real-world attacks to evaluate system resilience

  • It involves reconnaissance, exploitation, and reporting

  • Tools like Metasploit and Burp Suite help identify critical weaknesses

  • Pen testing complements other testing methods and supports a proactive security strategy
