A Complete Penetration Testing Guide with Sample Test Cases

Penetration Testing is the process of identifying security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The weak points of a system are exploited in this process through an authorized simulated attack.

The purpose of this test is to secure important data from outsiders like hackers who can have unauthorized access to the system. Once the vulnerability is identified, it is used to exploit the system to gain access to sensitive information.

A penetration test is also known as a pen test and a penetration tester is also referred to as an ethical hacker.

Complete Penetration Testing Guide

What is Penetration Testing?

We can figure out the vulnerabilities of a computer system, a web application or a network through penetration testing.

A penetration test will tell whether the existing defensive measures employed on the system are strong enough to prevent any security breaches. Penetration test reports also suggest countermeasures which can be taken to reduce the risk of the system being hacked.

Causes of Vulnerability

  • Design and Development Errors: There can be flaws in the design of hardware and software. These bugs can put your business-critical data at risk of exposure.
  • Poor System Configuration: This is another cause of vulnerability. If the system is poorly configured, then it can introduce loopholes through which attackers can enter into the system & steal the information.
  • Human errors: Human factors like improper disposal of documents, leaving the documents unattended, coding errors, insider threats, sharing passwords over phishing sites, etc. can lead to security breaches.
  • Connectivity: If the system is connected to an unsecured network (open connections) then it comes within the reach of hackers.
  • Complexity: The security vulnerability rises in proportion to the complexity of a system. The more features a system has, the more are the chances of the system being attacked.
  • Password: Passwords are used to prevent unauthorized access. They should be strong enough that no one can guess your password. Passwords should not be shared with anyone at any cost and passwords should be changed periodically. In spite of these instructions, at times people reveal their passwords to others, write them down somewhere and keep easy passwords that can be guessed.
  • User Input: You must have heard of SQL injection, buffer overflows, etc. The data received electronically through these methods can be used to attack the receiving system.
  • Management: Security is hard & expensive to manage. Sometimes organizations lack behind in proper risk management and hence vulnerability gets induced in the system.
  • Lack of training to staff: This leads to human errors and other vulnerabilities.
  • Communication: Channels like mobile networks, internet, telephone opens up security theft scope.

Penetration Testing Tools and Companies

Automated tools can be used to identify some standard vulnerabilities present in an application. Pentest tools scan code to check if there is a malicious code present which can lead to a potential security breach.

Pentest tools can verify security loopholes present in the system by examining data encryption techniques and figuring out hard-coded values like usernames and passwords.

Criteria for selecting the best penetration tool:

  • It should be easy to deploy, configure and use.
  • It should scan your system easily.
  • It should categorize vulnerabilities based on severity that need an immediate fix.
  • It should be able to automate the verification of vulnerabilities.
  • It should re-verify the exploits found previously.
  • It should generate detailed vulnerability reports and logs.

Once you know what tests you need to perform you can either train your internal test resources or hire expert consultants to do the penetration task for you.

Recommended Penetration Testing Tools

#1) Acunetix

Acunetix WVS offers security professionals and software engineers alike a range of stunning features in an easy, straight-forward, and very robust package.

Acunetix Banner


#2) Intruder

Intruder_logo

Intruder is a powerful vulnerability scanner that finds cybersecurity weaknesses in your digital estate, explains the risks & helps with their remediation before a breach can occur. It is the perfect tool to help automate your penetration testing efforts.

Key features:

  • Over 9,000 automated checks across your entire IT infrastructure.
  • Infrastructure and web-layer checks, such as SQL injection and cross-site scripting.
  • Automatically scan your system when new threats are discovered.
  • Multiple integrations: AWS, Azure, Google Cloud, API, Jira, Teams, and more.
  • Intruder offers a 14-day free trial of its Pro plan.

#3) Astra Pentest

Astra Logo

Astra Pentest is a security testing solution compatible with any business across industries. They have an intelligent vulnerability scanner and a team of experienced and highly driven pen-testers ensuring every vulnerability is detected, and the most efficient fix is suggested.

Key Features:

  • Interactive dashboard
  • Continuous scanning through CI/CD integration
  • Detects business logic errors, price manipulation, and privileged escalation vulnerabilities.
  • Scan behind the logged-in page thanks to Astra’s login recorder extension
  • Scan progressive web apps (PWA) and single-page apps
  • Real-time compliance reporting
  • Zero false positives

Uncover vulnerabilities before hackers with their intelligent scanner and manage your entire security from a CXO and developer-friendly dashboard. Select a plan as per your needs.


Recommended Penetration Testing Company

#1) Software Secured

Software Secured Logo

Software Secured helps development teams at SaaS companies to ship secure software through Penetration Testing as a Service (PTaaS). Their service provides more frequent testing for teams that push out code more frequently and is proven to find over twice as many bugs in a year as a one-time penetration test.

Key Features:

  • Mix of manual and automated testing with regular team rotations to provide fresh perspectives.
  • Comprehensive testing aligned with major launches multiple times per year.
  • Continuous reporting and unlimited re-testing of new features and patches all year long.
  • Constant access to security expertise and advisory services.
  • Includes advanced threat modeling, business logic testing, and infrastructure testing.

Other Free Tools:

Commercial Services:

You can also refer to the list available at STH that talks about 37 powerful penetration testing tools => Powerful Penetration Testing Tools For Every Penetration Tester


Why Penetration Testing?

You must have heard of the WannaCry ransomware attack that started in May 2017. It locked more than 2 lakh computers around the world and demanded ransom payments qfrom the Bitcoin cryptocurrency. This attack has affected many big organizations around the globe.

With such massive & dangerous cyber-attacks happening these days, it has become unavoidable to do penetration testing at regular intervals to protect the information systems against security breaches.

Penetration Testing is mainly required for:

  • Financial or critical data must be secured while transferring it between different systems or over the network.
  • Many clients are asking for pen testing as part of the software release cycle.
  • To secure user data.
  • To find security vulnerabilities in an application.
  • To discover loopholes in the system.
  • To assess the business impact of successful attacks.
  • To meet the information security compliance in the organization.
  • To implement an effective security strategy within the organization.

Any organization needs to identify security issues present in the internal network and computers. Using this information, organizations can plan a defense against any hacking attempt. User privacy and data security are the biggest concerns nowadays.

Imagine if any hacker manages to get user details of a social networking site like Facebook. The organization could face legal issues due to a small loophole left in a software system. Hence, big organizations are looking for PCI (Payment Card Industry) compliance certifications before doing any business with third-party clients.

What Should Be Tested?

What should be tested

  • Software (Operating systems, services, applications)
  • Hardware
  • Network
  • Processes
  • End-user behavior

Penetration Testing Types

#1) Social Engineering Test: In this test, attempts are being made to make a person reveal sensitive information like passwords, business-critical data, etc. These tests are mostly done through phone or internet and it targets certain helpdesks, employees & processes.

Human errors are the main causes of security vulnerability. Security standards and policies should be followed by all staff members to avoid social engineering penetration attempts. Examples of these standards include not to mention any sensitive information in email or phone communication. Security audits can be conducted to identify and correct process flaws.

#2) Web Application Test: Using software methods, one can verify if the application is exposed to security vulnerabilities. It checks the security vulnerability of web apps and software programs positioned in the target environment.

#3) Physical Penetration Test: Strong physical security methods are applied to protect sensitive data. This is generally used in military and government facilities. All physical network devices and access points are tested for the possibility of any security breach. This test is not very relevant to the scope of software testing.

#4) Network Services Test: This is one of the most commonly performed penetration tests where the openings in the network are identified by which entry is being made in the systems on the network to check what kind of vulnerabilities are there. This can be done locally or remotely.

#5) Client-side Test: It aims to search and exploit vulnerabilities in client-side software programs.

#6) Remote dial-up war dial: It searches for modems in the environment and tries to log in to the systems connected through these modems by password guessing or brute-forcing.

#7) Wireless Security Test: It discovers open, unauthorized and less secure hotspots or Wi-Fi networks and connects through them.

The above 7 categories we have seen are one way of categorizing the types of pen tests.

We can also organize the types of penetration testing into three parts as seen below:

Types of Penetration Testing

Let’s discuss these testing approaches one by one:

  • Black Box Penetration Testing: In this approach, the tester assesses the target system, network or process without the knowledge of its details. They just have a very high level of inputs like URL or company name using which they penetrate the target environment. No code is being examined in this method.
  • White Box Penetration Testing: In this approach, the tester is equipped with complete details about the target environment – Systems, network, OS, IP address, source code, schema, etc. It examines the code and finds out design & development errors. It is a simulation of an internal security attack.
  • Grey Box Penetration Testing: In this approach, the tester has limited details about the target environment. It is a simulation of external security attacks.

Pen Testing Techniques

  • Manual Penetration Test
  • Using automated penetration testing tools.
  • Combination of both manual and automated processes.

The third process is more common to identify all kinds of vulnerabilities.

Manual Penetration Test:

It’s difficult to find all vulnerabilities using automated tools. There are some vulnerabilities that can only be identified by manual scan. Penetration testers can perform better attacks on applications based on their skills and knowledge of the system being penetrated.

Methods like social engineering can be done by humans. Manual checks include design, business logic as well as code verification.

Penetration Test Process:

Let’s discuss the actual process followed by test agencies or penetration testers. Identifying vulnerabilities present in the system is the first important step in this process. Corrective action is taken on this vulnerability and the same penetration tests are repeated until the system is negative to all those tests.

We can categorize this process in the following methods:

Methods of manual penetration testing

#1) Data Collection: Various methods including Google search are used to get target system data. One can also use the web page source code analysis technique to get more info about the system, software and plugin versions.

There are many free tools and services available in the market which can give you information like database or table names, DB versions, software versions, the hardware used and various third-party plugins used in the target system.

#2) Vulnerability Assessment: Based on the data collected in the first step, one can find the security weakness in the target system. This helps penetration testers to launch attacks using identified entry points in the system.

#3) Actual Exploit: This is a crucial step. It requires special skills and techniques to launch an attack on the target system. Experienced penetration testers can use their skills to launch an attack on the system.

#4) Result in analysis and report preparation: After completion of penetration tests, detailed reports are prepared for taking corrective actions. All identified vulnerabilities and recommended corrective methods are listed in these reports. You can customize the vulnerability report format (HTML, XML, MS Word or PDF) as per your organization’s needs.

Penetration Testing Sample Test Cases (Test Scenarios)

Remember this is not functional testing. In Pentest, your goal is to find security holes in the system.

Given below are some generic test cases and are not necessarily applicable to all applications.

  1. Check if the web application is able to identify spam attacks on contact forms used on the website.
  2. Proxy server – Check if network traffic is monitored by proxy appliances. The proxy server makes it difficult for hackers to get internal details of the network, thereby protecting the system from external attacks.
  3. Spam email filters – Verify if incoming and outgoing email traffic is filtered and unsolicited emails are blocked.
  4. Many email clients come with inbuilt spam filters that need to be configured as per your needs. These configuration rules can be applied to email headers, subject or body.
  5. Firewall – Make sure that the entire network or computer is protected by firewalls. A Firewall can be software or hardware that blocks unauthorized access to a system. Firewalls can prevent sending data outside the network without your permission.
  6. Try to exploit all servers, desktop systems, printers, and network devices.
  7. Verify that all usernames and passwords are encrypted and transferred over secure connections like https.
  8. Verify information stored in website cookies. It should not be in a readable format.
  9. Verify previously found vulnerabilities to see if the fix is working.
  10. Verify if there is no open port on the network.
  11. Verify all telephone devices.
  12. Verify WiFi network security.
  13. Verify all HTTP methods. PUT and Delete methods should not be enabled on a web server.
  14. Verify if the password meets the required standards. The password should be at least 8 characters long containing at least one number and one special character.
  15. Username should not be “admin” or “administrator”.
  16. The application login page should be locked upon a few unsuccessful login attempts.
  17. Error messages should be generic and should not mention specific error details like “Invalid username” or “Invalid password”.
  18. Verify if special characters, HTML tags, and scripts are handled properly as an input value.
  19. Internal system details should not be revealed in any of the error or alert messages.
  20. Custom error messages should be displayed to end-users in case of a web page crash.
  21. Verify the use of registry entries. Sensitive information should not be kept in the registry.
  22. All files must be scanned before uploading them to the server.
  23. Sensitive data should not be passed on to URLs while communicating with different internal modules of the web application.
  24. There should not be any hardcoded username or password in the system.
  25. Verify all input fields with long input strings with and without spaces.
  26. Verify if the reset password functionality is secure.
  27. Verify application for SQL Injection.
  28. Verify the application for Cross-Site Scripting.
  29. Important input validation should be done on the server-side instead of JavaScript checks on the client-side.
  30. Critical resources in the system should be available to authorized persons and services only.
  31. All access logs should be maintained with proper access permissions.
  32. Verify user session ends upon log off.
  33. Verify that directory browsing is disabled on the server.
  34. Verify that all applications and database versions are up to date.
  35. Verify URL manipulation to check if a web application is not showing any unwanted information.
  36. Verify memory leak and buffer overflow.
  37. Verify if incoming network traffic is scanned to find Trojan attacks.
  38. Verify if the system is safe from Brute Force Attacks – a trial and error method to find sensitive information like passwords.
  39. Verify if the system or network is secured from DoS (denial-of-service) attacks. Hackers can target a network or a single computer with continuous requests due to which resources on the target system get overloaded resulting in the denial of service for legit requests.
  40. Verify the application for HTML script injection attacks.
  41. Verify against COM & ActiveX attacks.
  42. Verify against spoofing attacks. Spoofing can be of multiple types – IP address spoofing, Email ID spoofing,
  43. ARP spoofing, Referrer spoofing, Caller ID spoofing, Poisoning of file-sharing networks, GPS spoofing.
  44. Check for an uncontrolled format string attack – a security attack that can cause the application to crash or execute the harmful script on it.
  45. Verify the XML injection attack – used to alter the intended logic of the application.
  46. Verify against canonicalization attacks.
  47. Verify if the error page is displaying any information that can be helpful for a hacker to enter into the system.
  48. Verify if any critical data like the password is stored in secret files on the system.
  49. Verify if the application is returning more data than is required.

These are just the basic test scenarios to get started with Pentest. There are hundreds of advanced penetration methods which can be done either manually or with the help of automation tools.

Further Reading:

Pen Testing Standards

  • PCI DSS (Payment Card Industry Data Security Standard)
  • OWASP (Open Web Application Security Project)
  • ISO/IEC 27002, OSSTMM (The Open Source Security Testing Methodology Manual)

Certifications

  • GPEN
  • Associate Security Tester (AST)
  • Senior Security Tester (SST)
  • Certified Penetration Tester (CPT)

Conclusion

Finally, as a penetration tester, you should collect and log all vulnerabilities in the system. Don’t ignore any scenario considering that it won’t be executed by the end-users.

If you are a penetration tester, please help our readers with your experience, tips, and sample test cases on how to perform Penetration Testing effectively.

Recommended Reading

80 thoughts on “A Complete Penetration Testing Guide with Sample Test Cases”

  1. there are hundreds of commercial as well free tools available. this made the pen testing much easier.

    Reply
  2. thanks vijay nice post, help to understand on Penetration testing

    Reply
  3. There are industry standard scanning tools available which scans through the code and give the types of vulneabilities – Authorization & Authentication validation issues, SQL injection, cross site scripting,broken access controls,Configuration issues etc., EC Council conducts a certification on CEH(Certified Ethical Hacking) and there are other related certifications like CISA etc.,

    Reply
  4. Nice post !!! Many test cases are covered in the pen testing. Is there any learning course available for this ? if anybody have any idea please suggest.

    Reply
  5. Informative.

    Reply
  6. Hi Vijay,
    The time stamp of our comments is -5:30 of IST.
    Is it an error or to my ignorance, is this blog time set as per the time from where you are blogging.

    Reply
  7. Sir,
    Can you tell me How to hack flex+java web application.
    I am testing flex+java application.
    Give me resource

    Thanks
    Kiran

    Reply
  8. Thanks Gunasekaran for listing the CEH(Certified Ethical Hacking) certification. It’s also one of the best ethical hacking certifications.

    Reply
  9. Fortify is tool to perform scurity test at deveoper level

    Reply
  10. Nice post …

    Reply
  11. nice post for security testing…..

    Reply
  12. Hi ..

    Really its a nice informative information and your blog is so nice. Good work..

    Keep It up.

    Thanks
    Sukumar Jena

    Reply
  13. nice.thanks for the info

    Reply
  14. Thank you for posting this article. I learned something new about penetration testing.

    Reply
  15. Can i get information about how to test web based application testing in mobile.I need how to test step by step details?

    Reply
  16. Nice Article. Gave a thorough insight on Penetration Testing.

    Reply
  17. good knowledge to you and very nice

    Reply
  18. Any one say how to test web application in initial stage(manualy & automation).which one recently used automation tool & how to work with automation? can any one say sample application web testing?

    Reply
  19. This website is extremely informative and helps all varieties of software testers around the globe .This site is not just for beginners who are not just enthusiastic but also for experts as a reference.I wish all the best for the site conductors and admins and hopefully they continue to contribute their valuable services to spread knowledge in Manual and Automated Testing.

    Reply
  20. Can anyone help me in understanding what is the difference between Pen & Security testing?

    Reply
  21. good KT..Thank You…

    Reply
  22. Its a very good info for me,
    can you please suggest a open source tool for pentesting with examples and how to use it.

    Can you suggest any websites for practicing the pentest

    Reply
  23. Nice Post Vijay. If you can provide more test cases based on OWASP top 10 users will be benefited.

    Regards
    Srini Elluri

    Reply
  24. Absolutely top class site and information! agree with other comments that help on this site serves testing professionals at all levels of experience. Kudos and carry on the great work please.

    Reply
  25. Dear Sir,

    Reply
  26. Dear Sir,
    I am fresher for the penetration Testing, i need to know how to do the network penetration easily, which tool is easy to do the network penetration testing , and PLEASE SEND ME THE STEP BY STEP GUIDE FOR THE NETWORK PENETRATION TESTING.

    Reply
  27. I would like to learn about software application security.So, which site is best for details knowledge about it.

    Reply
  28. Hi, i am a beginner in the pen testing field, want to know the in & out of Vulnerability Assessment & Penetration Testing(VAPT), i.e want the knowledge of OWASP listed vulnerabilities, how to find them(step by step detail) in thin and thick client using automated & by manual process. please email me regarding the same.

    Reply
  29. Hi, i am a beginner in the pen testing field, want to know the in & out of Vulnerability Assessment & Penetration Testing(VAPT), i.e want the knowledge of OWASP listed vulnerabilities, how to find them(step by step detail) in thin and thick client using automated & by manual process. please email me regarding the same.
    my Email ID: prajakata.patil189@gmail.com

    Reply
  30. Ols can some send to me the actual Certified penetration tester part one questions and answers

    Reply
  31. Hi, I am a beginner in the pen testing field, I want to know the in & out of Vulnerability Assessment & Penetration Testing(VAPT), i.e I want the knowledge of OWASP listed vulnerabilities, how to find them(step by step detail) in thin and thick client using automated & by manual process. please email me regarding the same.
    my Email ID: sanjay.b2000@gmail.com

    Reply
  32. can we do penetration testing in mobile ?

    Reply
  33. Hi, i am a beginner in the pen testing field, want to know the in & out of Vulnerability Assessment & Penetration Testing(VAPT), i.e want the knowledge of OWASP listed vulnerabilities, how to find them(step by step detail) in thin and thick client using automated & by manual process. please email me regarding the same.
    my Email ID: khushbusharma3194@gmail.com

    Reply
  34. Hi Khusbu, where are you from?

    Reply
  35. very informative, all technicians doing IT job should very much aware of all this.

    Reply
  36. Great article! ExploitDB can be very helpful for anyone who’s wondering.

    Reply
  37. Hi Vijay,
    Very nice post on the Pen test. Do you have any sample Test Plan for Pen Testing of any product/application. As I understand it differs from the Functional Test plan. Can you please share if possible.

    Thanks a Ton…

    Reply
  38. Very nice for beginners…. can you post in advance ..

    Reply
  39. Very Helpful information.

    Reply
  40. Nice artical ,This site is best about knowlse of penestration testing….

    Reply
  41. Very nice. Bahut julum.

    Reply
  42. Hi Sir,

    Iam new to VA&PT test,My manager gave me 40 pen test tools and me to evaluate which tool is the best one for go-live

    My doubt is what are key points need to differentiate between tools individually.

    please tell me

    Reply
  43. Hi,

    Can you please guide me in the VAPT open source tools .

    Reply
  44. Hi Vijay,
    Nice article about Penetration testing

    Rama

    Reply
  45. Hi,

    Can anyone share the ppt oe pdf documents for pen testing for the beginners. I have experience in testing but wanted to learn on pen testing. please share with me if anyone have. Also can share the interview questions. if you have any screenshots of how to test,etc,etc

    Reply
  46. Hi,

    Can anyone share the ppt oe pdf documents for pen testing for the beginners. I have experience in testing but wanted to learn on pen testing. please share with me if anyone have. Also can share the interview questions. if you have any screenshots of how to test,etc,etc.

    abubackerrafi@gmail.com

    Thanks
    Rafi

    Reply
  47. “Error messages should be generic and should not mention specific error details like “Invalid username” or “Invalid password”.
    Why should it be generic? For the end-user isn’t more user-friendly to be more specific? Most clients we’ve encountered does not appreciate generic messages.

    Reply
  48. Thanks ,tools is very helpful.My favorite scanner is acunetix and uniscan..

    Reply
  49. can any know what type of information need to be collected before performing Pen test..

    Reply
    • hi,

      nice articles thanks for sharing !!

      Reply
    • There are various aspects. Information gathering is the part of social engineering so its totally a deep dive in ocean. you can use OSINT framework or multiple open source tools for information gathering.

      Reply
  50. Pen Testing and security testing has become very important aspect of Software Development Lifecycle .
    This post has very concise and useful information one single post . Keep up the good work.

    Reply
  51. Do you have some test data on DDOS penetration testing?

    Reply
  52. Very Good Article, Very Helpful.

    Reply
  53. Hi, i am a beginner in the pen testing field, want to know the in & out of Vulnerability Assessment & Penetration Testing(VAPT), i.e want the knowledge of OWASP listed vulnerabilities, how to find them(step by step detail) in thin and thick client using automated & by manual process. please email me regarding the same.
    “Error messages should be generic and should not mention specific error details like “Invalid username” or “Invalid password”.
    Why should it be generic? For the end-user isn’t more user-friendly to be more specific? Most clients we’ve encountered does not appreciate generic messages.

    Hi Sir,

    Iam new to VA&PT test,My manager gave me 40 pen test tools and me to evaluate which tool is the best one for go-live

    My doubt is what are key points need to differentiate between tools individually.

    please tell me

    Pen Testing and security testing has become very important aspect of Software Development Lifecycle .
    This post has very concise and useful information one single post . Keep up the good work.

    Absolutely top class site and information! agree with other comments that help on this site serves testing professionals at all levels of experience. Kudos and carry on the great work please.

    Reply
  54. Informative and helpful for beginners. But, can i get Video tutorials with practical sessions on Pen-test and Vulnerability assessment.

    This is my email-ID: kahsay081@gmail.com

    Thanks
    kahsay:

    Reply
    • go with simulation platform like tryhackme or hack the box

      Reply
  55. The LPT standardizes the knowledge base for penetration testing professionals by incorporating best practices followed by experienced experts in the field.Thanks for sharing this blog with us.

    Reply
  56. Thank you soo much

    Reply
  57. Dear Sir,
    I am fresher for the penetration Testing, i need to know how to do the network penetration easily, which tool is easy to do the network penetration testing , and PLEASE SEND ME THE STEP BY STEP GUIDE FOR THE NETWORK PENETRATION TESTING. Also interested to learm Wifi hacking using Aotomated softwares.
    My Email ID : ramzzz1974@gmail.com

    Reply
    • Learn it yourself, man. You are being very very naive and nobody is going to spoon feed you STEP BY STEP GUIDE.

      Reply
  58. Thanks for the information, this is highly valuable info.. i’ll try to read all available test report files and give you my feedback.

    Thanks,
    Rajamohan Reddy

    Reply
  59. Informative and helpful Post Clear all my doubts. Pen Testing and security testing has become a very important aspect of Software Development Lifecycle.
    This post has very concise and useful information. Keep up the good work

    Reply
  60. Dear sir,
    I would like to know the necessary tools I’ll need for pen testing
    Here is my mail
    Dazzywale@gmail
    Thanks

    Reply
  61. Great Job, Appreciate the efforts. Its simple but very effective.

    Raja V

    Reply
  62. Hi, I am a beginner in the pen testing field, want to know the in & out of Vulnerability Assessment & Penetration Testing(VAPT), i.e want the knowledge of OWASP listed vulnerabilities, how to find them(step by step detail) in the thin and thick client using automated & by manual process. please email me regarding the same

    Reply
  63. I AM BE FROM IT BRANCH PASSED IN 2018 AND I HAVE DONE ADDITIONAL COURSE IN SOFTWARE TESTING ,IS THERE ANY VACANCY RELATED TO ME PLEASE INFROM ME ON MY MAIL:-kirti.gathade111@gmail.com

    Reply
  64. I AM kirti ,BE FROM IT BRANCH PASSED IN 2018 AND I HAVE DONE ADDITIONAL COURSE IN SOFTWARE TESTING ,IS THERE ANY VACANCY RELATED TO ME PLEASE INFROM ME ON MY MAIL:-kirti.gathade111@gmail.com

    Reply
  65. hi can anyone help me? Let say there is a website that have sql injection security, is there other issue related? Especially for login page or website with authorization?

    Reply
  66. thanks for the article. can you make tutorial on how to use bettercap to downgrade https to http so that hacker can intercept?

    Reply
  67. hey i am an beginner and wanna know more about manuel pentesting..i d be gratefull if you send me an sample and a guideline

    atahaninal97@gmail.com

    Reply
  68. Pen testing or penetration testing is an ethical hacking process which involves assessing an application or an organization’s infrastructure for different types of vulnerabilities. This process of pen testing helps to exploit the various vulnerabilities within the system and the reasons for these vulnerabilities include certain misconfigurations, poorly designed architecture, insecure code, etc.

    Reply
  69. Thanks for posting useful information. Your Blog helps to clarify a few terms for me as well as giving. Great article and interesting

    Reply
  70. Good day to you,
    I am a beginner in the pen testing field, want to know the in & out of Vulnerability Assessment & Penetration Testing(VAPT), i.e want the knowledge of OWASP listed vulnerabilities, how to find them(step by step detail) in the thick and thin client using automated & by manual process. please email me regarding the same

    Reply
  71. Hi everyone here!
    It’s with deep sense of humor and concern I write to appreciate your very interesting and well guided Article on the domain of PenTest. With your courage & motivations and simple & straight forward kind of writeup, I feel the blowing courage to take career in Pen Testing after now.

    To put me through as you always do to others, please have my email ID ‘ahmadjajere1@gmail.com’ and I will be anticipating your kind guidance soonest.

    Thank you and best wishes.

    Reply
  72. hello everyone
    can anyone help me how to choose a vulnerability for pen testing. am done with scanning for Metasploit 2, metasploit 3 and i found lot of vulnerability’s but dont know which vulnerability to select and which exploit and payload to apply .

    Reply
  73. id like to perform a pen testing on mobile devices such as android os or ios. however, im still beginner. anyone would like to help out about the mobile device pen testing

    Reply

Leave a Comment