Infrastructure penetration testing

Infrastructure penetration testing is a generic term covering testing of operating systems, network services, network devices and other targets. Its objective is to identify vulnerabilities and misconfigurations that can be exploited to obtain unauthorised access to data, systems or hosted applications. Specific testing activities and methodologies may differ depending on the scope and objectives of the infrastructure testing engagement but most engagements involve the following steps:

  1. Identification and enumeration of targets of testing
  2. Reconnaissance and information gathering
  3. Identification of any present vulnerabilities, weaknesses or misconfiguration
  4. Testing and exploitation of identified vulnerabilities
  5. Post-exploitation activities
  6. Reporting and recommendations to address the identified issues

All of the above is performed in strict conformance with the client requirements taking into account the scope and the objectives of testing as well as any applicable technical or organisational restrictions.