Penetration tester

The surprisingly wide world of cybersecurity penetration testing

Cybersecurity penetration testing (pen testing) is a process often performed by groups engaged in ethical hacking. Acting in an authorized manner, they attempt to breach a company's defenses within the boundaries of set criteria. The simulation exposes the vulnerable paths that a cyberattack could exploit and therefore helps companies validate their security posture.

A pen test is a pen test?

The trouble with a definition is that it can be too narrow. In truth, cybersecurity pen tests vary widely in scope and depth. For example, one company may only target a handful of Internet-facing web addresses. For another, internal addresses (LAN and wireless) may be in scope.

Beyond addresses, pen tests can go deep enough to encompass a complete physical and social engineering campaign. In this intense simulation, ethical hackers examine all IP addresses (internal and external). They try to physically enter facilities by badge cloning, piggybacking, or tailgating employees. They're also authorized to test overall security-mindedness through social interactions such as:

  • Phishing — tricking individuals into giving up useful information or clicking a malicious link through email, phone calls, or text
  • Baiting (USB drops) — luring employees to plug in infected media by appealing to their curiosity
  • Pretexting — impersonating a co-worker or authority figure to collect personal data under the guise of confirming the victim's identity
  • Dumpster diving — scanning trash cans and workspaces for passwords, personal data, and sensitive business information

How penetration testing works

Although scope varies, there are six steps common to almost every pen test:

  1. Planning and Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access (optional)
5. Analyzing and Configuring Modifications
6. Rescanning (optional)


1. Planning and Reconnaissance

Step one can be summarized largely as data gathering. The data types and quantity depend entirely on the pen test parameters. A company might provide the required knowledge upfront. Or, the pen tester may attempt to gather information by mirroring a bad actor (hacker) if the project calls for it.

2. Scanning

Next, the pen tester uses the company information to scan for system vulnerabilities. They move from a general to a specific format. In other words, they check for obvious vulnerabilities first, then go deeper to uncover obscure entry points.

3. Gaining Access

With insight gleaned in the first two steps, the pen tester is ready to try to hack into one or more systems. The scope and depth of the project dictate their level of intrusiveness. Does the company simply want proof it can be done? Or, do they want the pen tester to present copies of the sensitive data they're able to retrieve?

4. Maintaining Access

Maintaining Access is an optional step. Some companies want to know how long a pen tester can stay connected as part of the evidence of the breach path.

5. Analyzing and Configuring Modifications

Learning how a hacker might get into your system is nearly useless without action. In step five, the tester helps their customer analyze each successful attack vector and implement configuration and design modifications to mitigate the risk.

6. Rescanning

Though not required, a second scan is highly recommended to validate the effectiveness of step five solutions against a future attack.


How often should you conduct a cybersecurity penetration test?

Many compliance and certification requirements call for an IT penetration test. These may dictate your frequency, but we recommend a minimum of one per year. Understanding how drastically different your needs may be, determine your goals to define the appropriate criteria before engaging with an ethical hacking partner.

Would your system withstand an attack? ERP Suites offers cybersecurity penetration testing and managed security services to help you maintain a strong security posture.