A Penetration Tester’s Job
It is the job of a penetration tester (pentester) to discover vulnerabilities that could potentially put an organization at risk. In a Horangi Penetration Test, we attempt to look for vulnerabilities in web or network systems and applications that are exploitable by an attacker, then provide tailored recommendations that help organizations improve security posture.
What A Typical Day Looks Like
For starters, there is no typical work day for a penetration tester. Every day has the potential to be exhilarating, exhausting, invigorating, or all of the above. On any given day, penetration testers can see their targets at their weakest and most vulnerable, or at their strongest and most robust. It is the job of penetration testers to put themselves in an attacker's shoes and find weaknesses before hackers do.
As mentioned, it is almost impossible to portray a typical day for a penetration tester, given how different workplaces can be and how work can vary from day to day depending on the type of project that a pentester is working on. A typical day can range from working at a customer site under the blazing sun, pentesting IoT devices, to working from the comfort of our own home testing remotely accessible applications. What follows is a broad outline of what a workday might be like for a penetration tester.
As penetration testers at Horangi, we start our day at around 9AM and begin by reviewing emails and organizing our priorities based on projects and client deadlines. We communicate with our clients regularly to ensure that all information required to commence the penetration test has been obtained. The required information depends on the type of penetration test and the client engagement; it typically includes the target URL/IP address and user credentials.
Customer Focus In Engagements
It’s finally time to start the client engagement. The initial phase sets the stage for the biggest risk areas that need to be tested. So we have to first identify the main uses of the target in question.
We start with setting up the tools that we need during an engagement and gathering information using open-source intelligence (OSINT), such as Google Search and WHOIS, to find as much information as possible about the company and the target, which can then be utilized to launch attacks. We also have to conduct enumeration and scanning to collect information on open ports, types of services and their respective versions, and known vulnerabilities.
There will also be occasional client meetings throughout the day. Having a customer focus is one of our values at Horangi. Engagement with the customer is something that pentesters often neglect, but here at Horangi, we make sure that we put our customer first while performing the technical side of our jobs. It is our responsibility to connect with the customer, to understand their requirements and set expectations, as well as establish the scope and boundary of the test. There may also be discussions with customers from previous projects on the report sent, which happens more frequently than one would imagine.
Armed with all the knowledge collected previously, the penetration testing process shifts to identifying vulnerabilities within the target. We introduce automated scans at the beginning, but quickly expand into deep-dive manual testing techniques. During the threat-modeling step, targets are classified into different threat categories. These may include sensitive documents or proprietary knowledge but more often than not, this consists of technical information found during the previous phase.
With all the information and findings collected, we document and conduct a detailed analysis of the vulnerabilities discovered. This includes analysis using manual testing techniques based on the OWASP guidelines and output from the different security tools. We then document a list of vulnerabilities and dive deeper into those that are likely to drive a larger business impact or can be easily exploited.
Exploitation would have to be carried out in the form of a proof-of-concept as evidence of the legitimacy of the vulnerability. Due to the heavy reliance on manual testing techniques, this is a time-intensive phase.
Every pentester typically needs to update the client at the end of the day (whether via email or a meeting). Keeping the client informed throughout the engagement is a big focus of ours.
With the test completed, the next crucial part is the reporting process, in which we present the findings to customers and their respective stakeholders, such as the technical staff.
Professional Development At Horangi
Client engagement does not fill all of our time. At Horangi, we strive to dedicate 20% of each cybersecurity consultant’s time to develop themselves further or improve company tools and processes. These include upskilling by being up to date with the latest tactics, techniques, and procedures (TTPs), improving the company’s tools for pentesting and other related services, developing internal training materials, contributing to research, and even giving talks.
We know that in this ever-changing landscape, constant learning is critical in order to stay on top of the trends in the security industry. Our leadership team understands the value of staying updated with various industry certifications, such as OSCP, Pentest+, and CREST CCT, and time and effort are invested to make sure we always strive for knowledge.