Somewhere between updating your Disaster Recovery plan and setting up multi-factor authentication, you probably recall that it’s time you conduct penetration testing for your network. If you have the skills and the time internally to do this, I recommend that you make sure that your pen test covers the following 5 key steps. These steps work regardless of whether you are completing a small-scale web application pen test or a full network pen test for a global organisation. Penetration Testing your Network Footprinting / Reconnaissance Footprinting or Reconnaissance is the initial intelligence gathering performed on a target organisation. This involves identifying firewalls, routers and building a map of the network. During this step, the security tester gathers important company information. This could include org charts, company policies, physical addresses, current events and details of key personal such as email addresses, CVs and phone numbers. Once the security tester gathers this information, they can then identify key targets, potential vulnerabilities and attack vectors. Scanning Scanning adds a lot of information to your network map. It is about uncovering more detailed host information. It might consist of Operating System information and versions, hosted applications, open ports and network ranges. This information expands...