Phase III - External Penetration Testing
Penetration testing is security testing when the tester attempts to circumvent your network from the Internet and attempt to gain network access. This testing is highly recommended for complex or critical systems.
After identifying hosts on the network that can be reached from the outside, an attempt then is made to compromise one host. If successful, then this host is leveraged to attempt to compromise other hosts not generally accessible from outside. This is why penetration testing is an iterative process that leverages minimal access to eventually gain access.
A penetration is deemed successful when one or more of the following is accomplished:
Gain external privileged access into an organization’s digital infrastructure
Obtain internal data residing on the protected internal network
Upload files to demonstrate privileged level access to an internal system
View information externally whose purpose is intended specifically for personnel within the network
| 