July 20, 2023

Penetration Testing (sometimes referred to as Ethical Hacking) can identify vulnerabilities in applications, networks and system before they can be maliciously exploited by attackers in production, saving organisations money, time and reputational damage.

Through conducting thorough vulnerability assessments and / or penetration tests that assess the security of your applications, networks and system, the penetration tester can provide a detailed assessment of the security of your systems and list of any vulnerabilities found. The penetration tester will be able to demonstrate how to exploit any discovered vulnerabilities without causing any harm to the target systems, be able to assess the impact of the vulnerabilities and show how they can be remediated.


There are a number of approaches for penetration testing, depending on the position of the attacker (internal position vs. external position) and whether the attacker is afforded knowledge of the system or has to gain knowledge of the system through discovery, exploration and reconnaissance techniques.

• BLACK BOX - Tester has little to no information about the application / systems under test, simulating an external attacker with limited knowledge of the target.

• WHITE BOX - Tester has full (administrator) access, documentation, configuration, source code and knowledge of the application / system / environment under test. More time can be spent on exploiting issues rather than information discovery.

• GREY BOX - A trade-off between black and white box. Tester has partial knowledge of / access to the application / system under test without access to source code and less dependency on developer assistance during the test.


We follow a broad methodology for penetration testing, which is determined by the approaches described above and the amount of information gathering / reconnaissance we have to do, and / or what we are already given.

i). PLANNING / PREPARATION - This is the initial step where the penetration test is meticulously planned, defining the team, timeframes, required tools, and the systems in scope for testing.

ii). RECONNAISSANCE / INFORMATION GATHERING - The penetration tester attempts to gather information about the target which can be used to plan and construct attacks which can assess the security of the system. It may include an element of threat modelling to identify where potential and likely threats may come from and concentrate on.

iii). VULNERABILITY SCANNING - The penetration tester uses manual techniques and automated scanning tools to explore application, infrastructure and network weaknesses which could possibly be exploited.

iv). VULNERABILITY ASSESSMENT - The penetration tester uses all of the data from the previous two phases to identify potential vulnerabilities and determine whether they can be exploited.

v). EXPLOITATION - The penetration tester then attempts to infiltrate the system by passively exploiting the vulnerabilities identified in the previous phase, to gauge what extent is the penetration tester able to exploit these weaknesses and to what extent is the security of the system at risk to attack.

vi). REPORTING / CLEAN UP - The penetration tester prepares and presents a summary of the test with detailed reporting into the test activity, the findings of the test, the exploits achievable and their consequence, the recommendations for remediating issues and improving processes by providing guidelines to incorporate security testing into existing software development lifecycles.


The scope and technologies involved in the penetration test may require more that multiple penetration test tools are used in the exercise, therefore penetration tests require specialists with knowledge of multiple penetration test tools in multiple areas and how to uncover vulnerabilities using them.

• STATIC APPLICATION SECURITY TESTING (SAST) TOOLS - Fortify Static Code Analyzer, Veracode, SonarQube - Can we identify potential security issues just by scanning the application source code ?

• DYNAMIC APPLICATION SECURITY TESTING (DAST) TOOLS - Fortify WebInspect, OWASP Zed Attack Proxy, Burp Suite Professional - Can we exploit security issues in the running application ?

• NETWORK SCANNERS - Zenmap / Nmap - Can we check the network / infrastructure for vulnerabilities such as insufficiently protected open ports ?

• PACKET SNIFFERS / NETWORK MONITORING - Wireshark, Telerek Fiddler - Are we able to read and write data transmitted over unsecure or compromised networks ?

• SQL INJECTION / DATABASE TAKEOVER - sqlmap - Can we perform SQL Injection attacks to bypass login, return sensitive data from the database or even drop database tables ?

• SOFTWARE COMPOSITION ANALYSIS (SCA) TOOLSFortify Software Composition Analysis, OWASP Dependency-Check - Are we using outdated and vulnerable 3rd party components and frameworks in our applications ?


With constant changes in software, environments, third-party components, and evolving cyber threats, it's essential to conduct regular penetration testing to stay ahead of potential vulnerabilities. Regular testing helps you proactively identify and mitigate risks.


If you need guidance on your current penetration testing procedures, require an independent penetration test for compliance, or want to establish regular vulnerability assessments and penetration testing in your organization, Fimatix is here to help. Their expertise can provide the shield your digital fortress needs to withstand modern cyber threats and ensure your organization's security. Don't hesitate to reach out to Fimatix for assistance in fortifying your digital defenses.

Posted on:

July 20, 2023


Penetration Testing


Is there a project You'd like to discuss?

related insights

Artificial Intelligence (AI) and Machine Learning (ML) in Performance Testing

The Differences between Usability and Accessibility Testing

Why Incorporate Non-Functional Testing Early in the Software Development Cycle ?

Benefits / Drawbacks of Performance Testing in Test / Scaled Down Environments

Incorporating Performance Testing within CI/CD Pipelines

How to Obtain Stakeholder Buy-In for Non-Functional Testing

Troubleshooting Performance Issues in Test Environments: A Real-World Scenario

Demystifying Database Tuning - Unraveling Database Performance

‍Functional Test Automation: Why companies often feel let down by the outcome of their investment

The OWASP Top Ten - The Top 10 Web Application Security Risks

Avoiding Artificial Bottlenecks / Performance Issues in Performance Testing

Accessibility Guidelines - Understanding WCAG 2.1, the Upcoming WCAG 2.2 and Future WCAG 3.0 Updates

What is Volumetric Analysis ?

The Performance Testing Cycle Explained

Service Level Agreements vs. Non-Functional Requirements for Performance Testing

Applying Automated Test Solutions

Combining Performance Testing and Chaos Engineering

Non-Functional Testing Strategy for Performance

Explaining Performance Testing

Explaining Accessibility Testing

Silk Central Upgrade - "It's just a simple upgrade...."

Virtual Machine LoadRunner Load Generators on Azure Setup

How Selenium WebDriver can be used for Performance Testing

Performance Testing with SSO, OAuth

16 Tips Before You Automate

What is Automated Software Testing?

Load Testing and Performance Testing Tools

10 Top Tips for Automated Performance Scripts