Meet the Pentest

Hello everyone 🖖

Today we are beginning to dive into the fascinating world of information security, or more precisely, into one of its significant subsections - penetration testing.

What is Penetration Testing (Pentest)?

An enterprise's corporate network can be external, which unites various servers and other remote devices, and internal (local area network), which unites enterprise devices located within the office location into a network. Each of these devices performs some function, for example, a server for a corporate website, a data warehouse or an employee's work computer.

Both operating systems and programs may have weaknesses. If you put pressure on these weaknesses correctly, you can gain access to the management of the device(s), and then use certain methods to capture the entire corporate network. Thus, it is possible to divide the pentest into external and internal. We will talk about this in more detail in the section "Main stages of testing".

Thus, a pentest is a simulation of a hacker attack, which is aimed at finding and compromising vulnerable devices in the external and internal network of an enterprise, or in the global Internet as a whole, in order to steal data or take the device out of working condition.

Testing methodology

White box methods. In this group of tests, the tester knows the system being tested well and has full access to all its components. The testers work with the client and have access to private information, servers, running software, network circuits, and sometimes even credentials. This type of testing is usually carried out to test new applications before they are put into operation, as well as to regularly check the system as part of its life cycle - Systems Development Life Cycle (SDLC). Such measures make it possible to identify and eliminate vulnerabilities earlier than they can get into the system and harm it.

"Black box" methods. This group of tests is applicable when the tester does not know anything about the system under test. This type of testing is most similar to real attacker attacks. The tester must obtain all the information by creatively applying the methods and tools at his disposal, but without going beyond the agreement concluded with the client. But this method also has its drawbacks: although it simulates a real attack on a system or applications, the tester, using only it, may miss some vulnerabilities. This is a very expensive test, since takes a lot of time. Performing it, the tester will study all possible directions of attack and only after that will report the results. In addition, in order not to damage the system being tested and not cause a failure, the tester must be very careful.

Methods of the "gray box". The test takes into account all the advantages and disadvantages of the first two tests. In this case, only limited information is available to the tester that allows an external attack on the system. Trials usually performed in a limited volume, when the tester knows a little about the system. An example of information is a range of IP addresses that need to be checked for vulnerability.


Penetration testing is a very large and significant section of information security. It helps many companies around the world to reduce the risks of compromising devices, to identify unscrupulous personnel. With each new article on this topic, we will dive deeper into the world of pentest. In the next publication, we will consider, in general terms, what stages classical penetration testing consists of.



Composition of the IT development team

In this article we will look at the composition of the IT solution development team


About graphs, simply.

In this article, we will begin our acquaintance with graphs, get acquainted with the breadth-first search algorithm (BFS) and implement the graph in the Rust programming language.


What is the difference between outsourcing development and outstaffing an IT employee for development?

In this article we will understand what outsourcing and outstaff development are.


UI/UX design: The creation process

In this article we will talk about the main steps in the process of creating UI/UX design.


UI/UX design: Introduction

In this article, we begin to get acquainted with UI / UX design. This is the most important stage in the development of any visual application interface.


Agile, Six Sigma and No Principle

In the last article, we started diving into the development process. The first stage of this process is planning. At this stage, the project manager, together with other team members, forms a pool of tasks in accordance with some kind of project management methodology.


Reducing the implementation period of MVP

Let's figure out the timing of the implementation of the MVP.


Choosing a programming language

In this article we will talk about choosing a programming language to study


Testing an MVP concept

We will figure out how not to waste the budget on MVP development in vain


Application Architecture Design: Introduction

In this article, we will talk about the process of creating the architecture of an IT solution.


The terms of references: Structure

In this publication we will consider the universal structure of ToR


Incorrect estimation of the cost of IT contractor services

Today we will talk about the incorrect assessment of the cost of developing IT solutions. This pain is one of the main ones for enterprises and startups, including IT contractors themselves.


Introduction to Design Patterns in Software Development

In this article, we will begin to dive into the world of optimizing application architecture using design patterns.


Choosing the direction of development for programming training

In this article, you will find out what areas of IT development there are, how they differ and in which they pay more


OSI Model Levels

In this article, we will take a closer look at each of the levels of the OSI model


Main types of application architecture

In this publication, we will look at what application architectures are


10 ways to use Rust Cargo

In this short article I have collected 10 ways to use the build system and package manager of the Rust programming language


Documenting code in the Rust programming language

In this article, we will look at how documentation takes place in Rust and consider a very useful opportunity - writing tests through documentation.


Introduction to the OSI model

In this article we begin to consider the fundamental model of network interaction - OSI


CSS animation ripple

A simple example of how to implement ripple animation using HTML and CSS


What is the purpose of an ER-diagram in the development process?

Let's discuss in general terms what an ER diagram is and what it is used for.


From concept to MVP

In this article, you will learn, by example, how to move from a concept to an MVP without unnecessary complications in the functionality of the product


What are UML diagrams used for?

In this article we will talk about what UML diagrams are, what they are and where they are used


Introduction to writing the terms of references

The Terms of Reference are an important part of the development process. In this article, we will begin to dive into this issue.


Introduction to software development

Today, most companies are faced with IT development and often do not get what they want. In this article, we begin to dive into the process of creating IT solutions.


From idea to concept

In this publication, we will talk about how the idea differs from the concept. Let's do this with an example of a specific goal


IT project management methodologies: Waterfall, Scrum, Prince2

In this article, we will consider the basic methodologies of IT project management.


Weighted graphs

In this article, we will get acquainted with weighted graphs, Dijkstra's algorithm, and its implementation in the Rust programming language.


Development Process: Planning

In this publication, we will begin to consider the development process. Let's start with the planning process.