The successful execution of a penetration testing activity or testing program depends on our attitude: whether we perceive it as a purely technical task or as a functional, process-oriented approach. Hackers mostly work with a technical mindset, aiming to break into the application or infrastructure element using automated scanners and manual scripts. However, responsible penetration testing subject matter experts who render services to various clients cannot afford to wear only a hacker’s hat; they need to play the game in a much more methodical and process-oriented way. The aim is definitely to identify vulnerabilities in the target asset in a streamlined manner, so that the technical activity becomes an inherent part, or subset, of the overall process/functional approach.
It is this methodical, process-oriented approach that has its execution challenges and needs to be streamlined to avoid hiccups. This article lists the common pitfalls we have experienced at various stages, whether delivering a one-off penetration testing activity or running a program, and the proactive measures to counter them. The pitfalls are grouped under the three classic dimensions of process, technology and people.
Authored By - Dinesh Sawrirajan
TCS Cyber Security Practice