Penetration Testing Basics: A Developer's Guide

June 9, 2026
5 min read

What is Penetration Testing?

Penetration testing (pen testing) is a simulated cyber attack against your system to check for exploitable vulnerabilities. It's a proactive approach to identifying security weaknesses before malicious actors can exploit them.

Types of Penetration Testing

1. Black Box Testing

  • No prior knowledge of the system
  • Simulates an external attacker
  • Tests from the user's perspective

2. White Box Testing

  • Full knowledge of system architecture
  • Access to source code
  • Most comprehensive testing

3. Gray Box Testing

  • Partial knowledge of the system
  • Simulates an insider threat
  • A balance between black box and white box testing

Penetration Testing Phases

1. Reconnaissance

Gathering information about the target:

<CodeBlock codes={[
  {
    code: `# DNS enumeration
nslookup target.com
dig target.com ANY

# Subdomain discovery
sublist3r -d target.com

# WHOIS lookup
whois target.com

# Google dorking
site:target.com filetype:pdf
site:target.com inurl:admin`,
    language: "bash",
    label: "Reconnaissance Commands"
  }
]} />

2. Scanning

Identifying open ports and services:

<CodeBlock codes={[
  {
    code: `# Port scanning with Nmap
nmap -sV -sC target.com

# Vulnerability scanning
nmap --script vuln target.com

# Web application scanning
nikto -h http://target.com

# SSL/TLS testing
sslscan target.com`,
    language: "bash",
    label: "Scanning Tools"
  }
]} />

3. Gaining Access

Attempting to exploit vulnerabilities:

Common Attack Vectors:

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Authentication bypass
  • File upload vulnerabilities
  • Command injection

4. Maintaining Access

Testing persistence mechanisms:

  • Backdoors
  • Rootkits
  • Trojan horses
  • Creating privileged accounts

5. Covering Tracks

Understanding how attackers hide their activities:

  • Log manipulation
  • Timestamp modification
  • File deletion
  • Traffic obfuscation

Essential Penetration Testing Tools

Web Application Testing

Burp Suite: Comprehensive web vulnerability scanner

  • Intercept and modify HTTP requests
  • Automated scanning
  • Extensive plugin ecosystem

OWASP ZAP: Free alternative to Burp Suite

  • Active and passive scanning
  • Automated security testing
  • API testing capabilities

Network Testing

  • Nmap: Network discovery and security auditing
  • Metasploit: Exploitation framework
  • Wireshark: Network protocol analyzer

Password Cracking

  • John the Ripper: Password cracking tool
  • Hashcat: Advanced password recovery
  • Hydra: Network login cracker

Common Vulnerabilities to Test

1. Authentication Weaknesses

<CodeBlock codes={[
  {
    code: `# Test for default credentials
admin:admin
admin:password
root:root

# Brute force attack simulation (hydra needs the target host before the module name)
hydra -l admin -P passwords.txt target.com http-post-form "/login:username=^USER^&password=^PASS^:Invalid"

# Test password reset functionality
# Check for account enumeration
# Verify session management`,
    language: "bash",
    label: "Authentication Testing"
  }
]} />
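The last three checks in the block above (account enumeration, brute force, session handling) are easiest to understand from the developer's side. The following is an added example, not code from the original post: a login routine that fails both checks next to one that passes them, using only the Python standard library. The user store, salt, iteration count and function names are constructed for the demo.

```python
import hashlib
import hmac
import time

# Constructed demo credential store. PBKDF2 with a fixed salt stands in for a
# real password hash; the iteration count is kept low so the demo runs fast.
SALT = b"constructed-demo-salt"
ITERATIONS = 20_000


def hash_password(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)


USERS = {"alice": hash_password("correct horse battery")}
# Compared against when the username is unknown, so that the lookup-and-compare
# path takes the same time whether or not the account exists.
DUMMY_HASH = hash_password("dummy")


def login_vulnerable(username, password):
    # Two distinct failure messages let a tester enumerate valid usernames,
    # and nothing limits how many guesses are made against one account.
    if username not in USERS:
        return "unknown user"
    if hash_password(password) != USERS[username]:
        return "wrong password"
    return "ok"


class LoginService:
    """Hardened login: one failure message, constant-time compare, lockout."""

    def __init__(self, max_attempts=5, lockout_seconds=300):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        # username -> (failure count, time of last failure). This counter is
        # also what a detection rule would alert on.
        self.failures = {}

    def _locked(self, username, now):
        count, last = self.failures.get(username, (0, 0.0))
        return count >= self.max_attempts and now - last < self.lockout_seconds

    def login(self, username, password, now=None):
        now = time.time() if now is None else now
        if self._locked(username, now):
            # Same message as any other failure: no lockout oracle either.
            return "invalid credentials"
        stored = USERS.get(username, DUMMY_HASH)
        ok = hmac.compare_digest(hash_password(password), stored) and username in USERS
        if ok:
            self.failures.pop(username, None)
            return "ok"
        count, _ = self.failures.get(username, (0, 0.0))
        self.failures[username] = (count + 1, now)
        return "invalid credentials"
```

Passing `now` explicitly lets a unit test drive the lockout clock. A per-account lockout like this stops a dictionary attack on one account but also lets anyone lock that account out; in production, pair it with per-source rate limiting and log every failure so the pattern shows up in monitoring.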

2. Input Validation

Test for injection vulnerabilities:

<CodeBlock codes={[
  {
    code: `# SQL Injection payloads
' OR '1'='1
'; DROP TABLE users--
' UNION SELECT NULL,NULL,NULL--

# XSS payloads
<script>alert('XSS')</script>
<img src=x onerror=alert('XSS')>

# Command Injection
; ls -la
| cat /etc/passwd
\`whoami\``,
    language: "text",
    label: "Injection Payloads"
  }
]} />

3. Access Control

  • Test horizontal privilege escalation
  • Test vertical privilege escalation
  • Check for insecure direct object references (IDOR)
  • Verify authorization checks
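The four checks above are the ones a tester runs as an access matrix: every (caller, object or action) pair with its expected outcome. The following is an added example, not code from the original post, showing an IDOR (horizontal) and a missing role check (vertical) beside their fixes, plus a small harness that runs such a matrix and reports violations. The documents, users, roles and function names are constructed for the demo.

```python
class Forbidden(Exception):
    """Raised when the caller may not perform the requested action."""


# Constructed demo data: documents with an owner, and a role per user.
DOCUMENTS = {
    101: {"owner": "alice", "body": "alice's invoice"},
    102: {"owner": "bob", "body": "bob's invoice"},
}
ROLES = {"alice": "user", "bob": "user", "carol": "admin"}


def get_document_vulnerable(current_user, doc_id):
    # IDOR: the id comes straight from the request and is never checked
    # against the caller, so bob reads 101 by changing one number in the URL.
    return DOCUMENTS[doc_id]["body"]


def get_document(current_user, doc_id):
    # Object-level check: owner or admin only. Missing and foreign documents
    # produce the same error, so the id space cannot be enumerated by response.
    doc = DOCUMENTS.get(doc_id)
    if doc is None or (doc["owner"] != current_user and ROLES.get(current_user) != "admin"):
        raise Forbidden(f"{current_user} may not read document {doc_id}")
    return doc["body"]


def disable_user_vulnerable(current_user, target):
    # Vertical escalation: an admin-only action with no role check at all
    # (hiding the button in the UI is not a check).
    ROLES[target] = "disabled"
    return True


def disable_user(current_user, target):
    # Function-level check enforced server-side on every call.
    if ROLES.get(current_user) != "admin":
        raise Forbidden(f"{current_user} is not an admin")
    ROLES[target] = "disabled"
    return True


def audit_access(fn, cases):
    """Run an access matrix the way a tester would.

    Each case is (caller, argument, should_succeed). Returns the list of
    violations as (caller, argument, what_actually_happened).
    """
    violations = []
    for caller, arg, allowed in cases:
        try:
            fn(caller, arg)
            succeeded = True
        except Forbidden:
            succeeded = False
        if succeeded != allowed:
            violations.append((caller, arg, "allowed" if succeeded else "denied"))
    return violations


HORIZONTAL_CASES = [
    ("alice", 101, True),   # owner reads own document
    ("bob", 101, False),    # horizontal: another user's document
    ("carol", 102, True),   # admin may read anything
    ("bob", 999, False),    # unknown id: denied, not a stack trace
]
VERTICAL_CASES = [
    ("carol", "bob", True),    # admin performs admin action
    ("alice", "bob", False),   # vertical: ordinary user attempts admin action
]
```

`audit_access(get_document, HORIZONTAL_CASES)` returns an empty list, while the vulnerable version reports `("bob", 101, "allowed")`. Keeping the matrix as a unit test in the code base turns a one-off pen test finding into a regression check; note that `get_document_vulnerable` does not even raise `Forbidden` for an unknown id, it raises `KeyError`, which is the kind of server error a tester also writes up.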

Automated Security Testing

Integration with CI/CD

<CodeBlock codes={[
  {
    code: `# GitHub Actions security workflow
name: Security Scan

on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: Run OWASP Dependency Check
        uses: dependency-check/Dependency-Check_Action@main

      - name: Run Snyk Security Scan
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: \${{ secrets.SNYK_TOKEN }}

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'`,
    language: "yaml",
    label: "CI/CD Security"
  }
]} />

Writing a Penetration Testing Report

Report Structure

  1. Executive Summary
    • High-level overview
    • Key findings
    • Risk assessment
  2. Methodology
    • Testing approach
    • Tools used
    • Scope and limitations
  3. Findings
    • Vulnerability details
    • Severity ratings
    • Proof of concept
    • Screenshots
  4. Recommendations
    • Remediation steps
    • Priority order
    • Implementation timeline

Severity Ratings

  • Critical: Immediate action required
  • High: Significant risk, address soon
  • Medium: Moderate risk, plan remediation
  • Low: Minor risk, address when possible
  • Informational: No immediate risk

Ethical Considerations

  • Always get written permission
  • Define scope clearly
  • Follow rules of engagement
  • Respect data privacy
  • Report findings responsibly

Responsible Disclosure

  1. Report vulnerabilities privately
  2. Give reasonable time to fix
  3. Don't exploit vulnerabilities
  4. Coordinate public disclosure

Continuous Security Testing

Security is not a one-time activity:

  • Schedule regular penetration tests
  • Implement bug bounty programs
  • Conduct code reviews
  • Perform threat modeling
  • Stay updated on new vulnerabilities

Learning Resources

  • OWASP Testing Guide: Comprehensive testing methodology
  • HackTheBox: Hands-on penetration testing practice
  • TryHackMe: Guided cybersecurity learning
  • PortSwigger Web Security Academy: Free web security training
  • SANS Penetration Testing: Professional training courses

Conclusion

Penetration testing is essential for maintaining robust security. Regular testing, combined with secure development practices and continuous monitoring, helps identify and fix vulnerabilities before they can be exploited.

Remember: Always test ethically and legally. Unauthorized testing is illegal and unethical.