July 12, 2023

Penetration testing can identify vulnerabilities in applications, networks and system before they can be exploited, saving organisations money, time and reputational damage.

This can be done in a number of ways, and based on requirements we can scope and perform vulnerability assessment or full-scale penetration tests that assess the security of your applications, networks and system, provide a list of the any vulnerabilities found and their impact and how they can be remediated.


There are a number of approaches for penetration testing, depending on the position of the attacker (internal position vs. external position) and whether the attacker is afforded knowledge of the system or has to gain knowledge of the system through discovery, exploration and reconnaissance techniques.

BLACK BOX - Tester has little to no information about the application / systems under test, simulating an external attacker with limited knowledge of the target.

WHITE BOX - Tester has full (administrator) access, documentation, configuration, source code and knowledge of the application / system / environment under test. More time can be spent on exploiting issues rather than information discovery.

GREY BOX - A trade-off between black and white box. Tester has partial knowledge of / access to the application / system under test without access to source code and less dependency on developer assistance during the test.


We follow a broad methodology for penetration testing, which is determined by the approach above and the amount of information gathering / reconnaisance we have to do, and / or what we are already given.

i). RECONNAISSANCE / INFORMATION GATHERING - The penetration tester attempts to gather information about the target which can be used to plan and construct attacks which can assess the security of the system. It may include an element of threat modelling to identifying potential and likely threats.

ii). VULNERABILITY SCANNING - The penetration tester uses manual techniques and automated scanning tools to explore application, infrastructure and network weaknesses which could possibly be exploited.

iii). VULNERABILITY ASSESSMENT - The penetration tester uses all of the data from the previous two phases to identify potential vulnerabilities and determine whether they can be exploited.

iv). EXPLOITATION - The penetration tester then attempts to infiltrate the system by exploiting the vulnerabilities identified in the previous phase, to gauge what extent is the penetration tester able to exploit these weaknesses and to what extent is the security of the system at risk to attack.

v). REPORTING - The penetration tester prepares and presents a summary of the test with detailed reporting into the test activity, the findings of the test, the exploits achievable and their consequence, the recommendations for remediating issues and improving processes by providing guidelines for future implementation.


The scope and technologies involved in the penetration test may require more that multiple penetration test tools are used in the exercise, therefore penetration tests require specialists with knowledge of multiple penetration test tools in multiple areas and how to uncover vulnerabilities using them.

STATIC APPLICATION SECURITY TESTING (SAST) TOOLS - Fortify Static Code Analyzer, Veracode, SonarQube - Can we identify potential security issues just by scanning the application source code ?

DYNAMIC APPLICATION SECURITY TESTING (DAST) TOOLS - Fortify WebInspect, OWASP Zed Attack Proxy, Burp Suite Professional - Can we expoit security issues in the running application ?

NETWORK SCANNERS - Zenmap / Nmap - Can we check the network / infrastructure for vulnerabilities such as insufficiently protected open ports ?

PACKET SNIFFERS / NETWORK MONITORING - Wireshark, Telerek Fiddler - Are we able to read and write data transmitted over unsecure or compromised networks ?

SQL INJECTION / DATABASE TAKEOVER - sqlmap - Can we perform SQL Injection attacks to bypass login, return sensitive data from the database or even drop database tables ?

SOFTWARE COMPOSITION ANALYSIS (SCA) TOOLS - OWASP Dependency-Check - Are we using outdated and vulnerable 3rd party components and frameworks in our applications ?


Whether you need advice on your existing penetration testing procedures and processes, whether you need an independent penetration test for compliance or whether you need to establish regular vulnerability assessments and penetration testing into your organisation then FIMATIX can help.

Posted on:

July 12, 2023


Penetration Testing


Is there a project You'd like to discuss?

related insights

Securing cloud-based applications

Usability and Accessibility Testing - What is the Difference ?

Incorporating Non-Functional Testing Early in the Software Development Cycle

Benefits / Drawbacks of Performance Testing in Test / Scaled Down Environments

Incorporating Performance Testing within CI/CD Pipelines

Obtaining Buy-In for Non-Functional Testing

Troubleshooting Performance Issues in Test Environments: A Real-World Scenario

Demystifying Database Tuning - Unraveling Database Performance

‍Functional Test Automation: Why companies often feel let down by the outcome of their investment

The OWASP Top Ten - The Top 10 Web Application Security Risks

Avoiding Artificial Bottlenecks / Performance Issues in Performance Testing

Accessibility Guidelines - Understanding WCAG 2.1, the Upcoming WCAG 2.2 and Future WCAG 3.0 Updates

What is Volumetric Analysis ?

The Performance Testing Cycle Explained

Service Level Agreements vs. Non-Functional Requirements for Performance Testing

Applying Automated Test Solutions

Combining Performance Testing and Chaos Engineering

Non-Functional Testing Strategy for Performance

Explaining Penetration Testing

Explaining Performance Testing

Explaining Accessibility Testing

Silk Central Upgrade - "It's just a simple upgrade...."

Virtual Machine LoadRunner Load Generators on Azure Setup

How Selenium WebDriver can be used for Performance Testing

Performance Testing with SSO, OAuth

16 Tips Before You Automate

What is Automated Software Testing?

Load Testing and Performance Testing Tools

10 Top Tips for Automated Performance Scripts