Penetration testing a black box testing technique in which an authorized attempt is made to violate specific constraints stated in the form of a security or integrity policy of the system, application, network or database. It is a testing technique for discovering and documenting all the security holes that can be found in a system.
Security testing can never prove the absence of security flaws but it can prove their presence.
Penetration Testing Stages:
- Scope/Goal Definition
- Information Gathering
- Vulnerability Detection
- Information Analysis and Planning.
- Attack & Penetration/Privilege Escalation.
- Result Analysis & Reporting.
- Cleanup.