The methodology and lifecycle of penetration testing are defined by the EC-Council Certified Ethical Hacker (EC C|EH) program.  The five-phase process takes the penetration tester through Reconnaissance, Target Evaluation, Exploitation, Privilege Escalation, and Maintaining Foothold.

Many organizations offer identical security services, though with slight differences depending on the coverage the client desires.  These other types of security services use terms such as Audit, where the testing is a technical assessment of the system or application.  Security Assessment is another; it evaluates the risk to identify the vulnerabilities in the system, application, or processes.  Penetration Testing goes beyond an assessment by evaluating the items that were identified as vulnerabilities to verify whether they are real or false positives.  Penetration testing has three types of starting stages: (a) White Box, which indicates that the tester has intimate knowledge of the system; (b) Gray Box, which indicates that the tester has partial knowledge of the system; and (c) Black Box, which indicates that the tester has absolutely no knowledge of the system.

We make it clear to our clients that no work of any kind will start without a Scope of Work (SOW), an itemized list of coverage given to us and approved by the owner of the system. In following the SOW, our job is then to perform systematic actions and compare them to the SOW, such as:

    Defining the target system
    Timeframe of work performed
    How targets are evaluated
    Tools and software
    Notified parties
    Initial Access Level
    Defining the target space
    Identification of Critical Operation Areas
    Definition of the Flag