Penetration testing is a type of security testing used to test the insecure or weak areas of the system or application. The idea of pentesting is to find vulnerabilities before they are found by other malicious agents.

Types of Pen-testing
1. Whitebox Penetration testing
2. Black box penetration testing

In white box penetration testing, the testers has knows some background information or some knowledge of protocols, before performing an attack .

In black box penetration testing, the testers have no or limited knowledge about the system to be tested. He just runs the script during the testing and the output of the script is displays and the same report end user sends to the client.

Roles and Responsibility of Penetration testing

1.Make sure tester go through the app and prepare the scenarios for penetration testing

2.Find out the essential flaws where hackers attack a target machine.

3.Pen tester should think and act like a real hacker.

4.If pentester do the testing via manual or automation, he should test the site on a test server because he is responsible for any loss information or data during testing.

5.Tester should keep data and information confidential.

6.Those vulnerability find out by tester should be reproducible so it can be fixed easily

7.Pen tester sends the report to client related to the vulnerability

Following are the steps to be performed the penetration testing:

Planing Phase
Discovery Phase
Attack Phase
Reporting Phase

There are various tools that can be used to perform pentesting, which include tools such as OWASP ZAP, Burp Suite or Metasploit.