Planning and Preparation
A successful penetration test of an organization requires a great deal of preparation. Ideally, an initial meeting is arranged between the organization and the penetration testers. That meeting must cover the scope and objective of the penetration test as well as the parties involved. The penetration test must have a clear objective. In most cases the objective is to demonstrate that exploitable vulnerabilities exist within an organization’s network infrastructure. The test is scoped by identifying the machines, systems and network, the operational requirements and the staff involved.
The form in which the results or outcome of the test are presented should also be agreed upon by the penetration testers and the organization. Full organization will not be disrupted. Penetration tests may need to be run at particular times of day. There may be conflicts between the need to ensure that everything is secure and covered.
Penetration testing is often done for two reasons: either to increase upper management's awareness of security issues or to test intrusion detection and response capabilities. It also assists higher management in decision-making processes. The management of an organization might want to address the system weaknesses that are found through a penetration test. Addressing all the weaknesses that are found in a vulnerability assessment can be costly, and most organizations might not be able to allocate the budget to do this.
Vulnerabilities in the network or servers may have serious consequences for the organization. The vulnerabilities can be exploited by unauthorized intruders during an insecure state of use.