This Process Street penetration testing checklist is engineered to give a documentation process for staff carrying out penetration testing on either their own networks and services or those of a client.
Penetration testing is a method of locating vulnerabilities of information systems by playing the character of a cracker. The goal of the tester is to enter into a system and then burrow in as deep as possible. The deeper the tester can embed themselves and the more permanent their access can be, the more damage they can cause. A thorough pen-test aims to reveal these weaknesses so they can be closed as quickly as possible without having a real cracker expose them.
This Process Street template aims to follow a standard pen-testing process, however, if there are further steps you wish to add or remove you are free to do so. You can simply add this template to your account and click to edit the template. The template is fully editable in order to meet the specific needs of your company.
Throughout the template you will notice form fields where you can enter information as you run the checklist. All data entered into these form fields is stored in the template overview tab in a spreadsheet format. This data can then be exported as a CSV if you wish to keep an internal backup. You can add or remove form fields from the process in order to change the kind of data you're collecting.
If you want to hear a little more about penetration testing, check out the video below: