Published January 2020
Sponsored by Cobalt Labs, Inc.
Executive Summary
This is the second of a three-part series of white papers focused on the essential best practice of penetration testing (pentesting), the goal of which is to identify and prove vulnerabilities within a system or application’s scope within a defined amount of time. As noted by Security Innovation Europe, pentesting “is the process of testing your applications for vulnerabilities, and answering a simple question: ‘What could a hacker do to harm my application, or organization, out in the real world?’”
Pentesting can involve a wide range of techniques and practices, including static and dynamic analysis, and probes for weaknesses such as SQL injection, cross-site scripting and backdoors in an effort to understand and exploit an application’s vulnerabilities. Pentesters will attempt to intercept traffic, exfiltrate sensitive data or escalate user or admin privileges within applications to determine just how vulnerable an application might be to hackers and other cyber criminals.