1
00:00:09,860 --> 00:00:11,460
Let us begin a new little.

2
00:00:12,340 --> 00:00:14,080
Phases of penetration testing.

3
00:00:15,570 --> 00:00:22,230
In this lecture, we will see the five important phases of penetration testing, which are being categorized

4
00:00:22,230 --> 00:00:23,850
into three main categories.

5
00:00:25,260 --> 00:00:32,700
Let's explore the first one that is the pre attack fits in this phase, planning and preparation is

6
00:00:32,700 --> 00:00:37,410
very crucial then which meterology we are going to use for the test is decided.

7
00:00:38,010 --> 00:00:45,750
And then the network and information gathering, a penetration test also known as a pen test at a simulated

8
00:00:45,750 --> 00:00:50,550
cyber attack against your computer system to check for expert nativities.

9
00:00:52,070 --> 00:00:58,930
Insights provided by the penetration tester can be used for fine tune your security policies and patch

10
00:00:58,940 --> 00:01:06,560
detected vulnerabilities before you do a penetration testing, which is always important to create a

11
00:01:06,560 --> 00:01:10,460
proper model which involves the following pieces.

12
00:01:10,940 --> 00:01:13,130
The first one is planning and reconnaissance.

13
00:01:14,120 --> 00:01:20,240
The first stage involves defining the scope and goals of a test, including the systems to be addressed

14
00:01:20,240 --> 00:01:22,190
and the testing methods to be used.

15
00:01:23,070 --> 00:01:28,950
Gathering intelligence that is network and domain names to better understand how Watergate works is

16
00:01:28,950 --> 00:01:29,850
also important.

17
00:01:32,770 --> 00:01:40,900
The next is a attack phase in this phase, the penetration perimeter is decided, then acquiring the

18
00:01:40,900 --> 00:01:45,380
target access and then escalating privileges is important.

19
00:01:46,750 --> 00:01:53,560
No attack phase involves the following phases, first one is scanning, scanning is to understand how

20
00:01:53,560 --> 00:01:57,280
the target application and respond to various intrusion attempts.

21
00:01:57,940 --> 00:02:01,990
This is typically done using static analysis and dynamic analysis.

22
00:02:02,410 --> 00:02:06,090
The next is gaining access that is acquiring target.

23
00:02:07,000 --> 00:02:15,010
This stage uses of application attacks such as cross scripting, skill injection and back those.

24
00:02:16,920 --> 00:02:23,490
Testers then try and exploit these vulnerabilities typically by escalating privileges, stealing data,

25
00:02:23,790 --> 00:02:27,630
intercepting traffic to understand the damage they can cause.

26
00:02:28,670 --> 00:02:35,870
And the last is maintaining access, the goal of this day is to see if the world really can be used

27
00:02:35,870 --> 00:02:42,470
to achieve a persistent presence in the water system that is too long enough for a bad actor to gain

28
00:02:42,470 --> 00:02:43,520
in-depth access.

29
00:02:44,540 --> 00:02:50,990
The idea is to initiate, which often remain in a system for months in order to steal an organization's

30
00:02:50,990 --> 00:02:53,900
most sensitive data and expectation.

31
00:02:55,160 --> 00:03:03,230
And the finalist post attack office here, analysis of the attack is done, the results of the penetration

32
00:03:03,230 --> 00:03:10,280
test are then compiling to a report, which we often call as a report documenting the specific vulnerabilities

33
00:03:10,280 --> 00:03:16,340
that we exploited, sensitive data that does exist and the amount of the time spent testing was able

34
00:03:16,340 --> 00:03:18,110
to remain in the system undetected.

35
00:03:18,890 --> 00:03:25,700
This information is analyzed by security personnel to help configure an enterprise framework settings

36
00:03:25,700 --> 00:03:31,110
and application security solutions to patch vulnerabilities and protect against future attacks.

37
00:03:31,820 --> 00:03:37,940
So whenever you're going to do a penetration test, make sure that you follow all these steps and do

38
00:03:37,940 --> 00:03:40,430
not randomly start attacking the application.

39
00:03:41,060 --> 00:03:47,240
If you are a professional penetration test, you must follow all these three phases in order to carry

40
00:03:47,240 --> 00:03:49,190
out successful penetration test.

41
00:03:50,810 --> 00:03:58,160
In the next lecture, we'll see the top 10 things a security expert looks for whenever he performs a

42
00:03:58,160 --> 00:03:59,150
security test.