13. What is the penetration testing process?
For a Single Website
- Determine whether a CDN is in use; if so, discover the real IP.
- If no CDN, scan neighbouring sites and C-class IP ranges.
- Identify the CMS and determine middleware, plugins, and OS.
- Perform port scanning and directory brute-forcing.
- Examine JavaScript files for sensitive information.
- Look for associated mobile apps, official accounts, etc. to expand the asset footprint.
- Conduct routine vulnerability probing based on gathered information.
For a Network Segment or Region
- Use tools like Goby for batch scanning and mass exploit deployment, then probe identified weak points.