422.53 Penetration testing

Simulate real-world attacks to evaluate how software responds to exploitation attempts.

Overview

Penetration testing, or ethical hacking, is the process of simulating an attack on a system to find security weaknesses that malicious users could exploit. Unlike vulnerability assessments (which identify flaws), penetration tests go further—they actively exploit vulnerabilities in a controlled and legal way to measure risk and response.

Penetration testing is a critical step in securing high-risk systems. It reveals how an attacker might gain unauthorised access, extract data, or compromise functionality, and helps teams prioritise defence improvements.

Targets

In this topic, students learn to:

Define penetration testing and its role in secure software development
Distinguish between penetration testing and other security testing methods
Describe the phases of a penetration test
Identify tools and methods used in simulated attacks

Syllabus references

Secure software architecture

Developing secure code

Apply and evaluate strategies used by software developers to manage the security of programming code, including – penetration testing

How does penetration testing work?

A penetration test typically follows these stages:

1. Planning and reconnaissance

Define scope and rules of engagement (what is tested and what’s off-limits)
Gather information about the target system (e.g. open ports, DNS, IP ranges)

2. Scanning

Use tools to map the system’s structure
Identify running services, exposed APIs, outdated software, etc.

3. Exploitation

Attempt to exploit identified vulnerabilities
Escalate privileges, inject malicious code, or hijack sessions

4. Post-exploitation

Evaluate what an attacker could do after gaining access
Test for data exfiltration, lateral movement, or persistence

5. Reporting

Document each step and its result
Provide severity ratings, risk assessments, and remediation advice

Penetration testing tools

Common tools include:

Metasploit (exploit framework)
Burp Suite (web app testing)
OWASP ZAP (open-source DAST/pen testing)
Hydra (brute-force attacks)
SQLMap (SQL injection testing)
Wireshark (network analysis)

These tools are typically used by security professionals trained in ethical hacking, but simplified environments (e.g. Hack The Box, TryHackMe) provide safe learning platforms.

Pen testing vs other methods

Method

Approach

Focus

SAST

Static analysis

Code logic and structure

DAST

Dynamic test

Runtime behaviour (black-box)

Vulnerability scan

Passive scan

Known issues and weaknesses

Penetration test

Active exploitation

Real-world attack simulation

Best practices and legal considerations

Always conduct pen testing with written permission
Use safe, controlled environments to avoid disrupting services
Follow ethical guidelines and disclose findings responsibly
Coordinate with developers and stakeholders before and after testing

Summary

Penetration testing simulates real-world attacks to evaluate system resilience
It involves reconnaissance, exploitation, and reporting
Tools like Metasploit and Burp Suite help identify critical weaknesses
Pen testing complements other testing methods and supports a proactive security strategy

Previous422.53 Vulnerability assessment Next423 Security by design and user context

Last updated 5 months ago

Was this helpful?

hashtagOverview

hashtagTargets

hashtagSyllabus references

hashtagHow does penetration testing work?

hashtag1. Planning and reconnaissance

hashtag2. Scanning

hashtag3. Exploitation

hashtag4. Post-exploitation

hashtag5. Reporting

hashtagPenetration testing tools

hashtagPen testing vs other methods

hashtagBest practices and legal considerations

hashtagSummary