QimTech

Pentest: understanding penetration testing and protecting your IT systems

Discover pentesting: principles, types, key tools, steps of a penetration test, and the path to becoming a pentester in Switzerland.

What is a pentest?

Definition

“Pentest” is short for “penetration test”: a pentest evaluates the security of an IT system.

Why perform a pentest?

IT systems may have vulnerabilities that attackers can exploit. A pentest makes it possible to assess how susceptible the systems are to such attacks, offering the opportunity to fix them in advance, or to evaluate the risk if the vulnerability is deemed acceptable by the manager and the company. The pentest is one of the cybersecurity measures you can take to protect your business.

What are the different types of pentests?

The three main pentest methods

There are three approaches: black box, white box, and grey box. The choice depends on the scenarios and the intended objectives.

The black box method simulates a situation where the attacker has no prior information about the system to infiltrate. The goal of this approach is for pentesters to assess a system’s ability to “maintain its essential operations under external pressure” (e.g., network attacks, exploitation attempts…). This type of test reflects real-world attack conditions but can take several weeks.

The white box method aims to identify as many vulnerabilities as possible by having full information about the system, which does not always reflect the actual operating environment.

The grey box method involves a scenario where the attacker has partial information and a non-administrative user account, like an employee. Grey box testing is often the most used in companies because it reflects a plausible scenario (e.g., an insider with limited access). This type of pentest is generally faster than black box testing but may reveal fewer vulnerabilities than white box testing. However, it often represents a good compromise between time and thoroughness.

Internal and external pentests

Pentests can also be classified according to their scope: internal or external. White box is considered an internal test because it requires information often only accessible to the company responsible for the system. Black box is generally an external test, with no prior information. Grey box lies between these two extremes. A test can be internal or external regardless of the white/black/grey method (e.g., a white box pentest can be conducted on public/external systems such as an API).

How does a pentest work?

Step 1: Preparation and scoping

The first step is to define the objectives, which will guide the choice of method. Then, the rules of engagement must be established: which systems must not be touched, or which time slots are prohibited for conducting the test, regardless of whether it is black, white, or grey.
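The rules of engagement agreed in this step are something a tester's own tooling can enforce before any action is taken. As an added illustration (example code written for this page, not a tool from the article or from Qim info), the following Python check encodes an authorised address range, an explicit do-not-touch list and prohibited time slots, and refuses any target or time that falls outside them. The CIDR ranges, the excluded host and the blackout windows are constructed sample values, and the names `RulesOfEngagement` and `authorize_iso` are chosen here.

```python
# Added example: a pre-flight scope check for the rules of engagement agreed
# in Step 1. Illustrative code written for this page, not a tool the article
# mentions; all ranges, hosts and windows below are constructed sample values.
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import List, Tuple

Window = Tuple[int, time, time]  # (weekday, start, end); weekday 0 = Monday


@dataclass
class RulesOfEngagement:
    allowed: List[str]                                    # authorised CIDR ranges
    excluded: List[str] = field(default_factory=list)     # must never be touched
    blackout: List[Window] = field(default_factory=list)  # prohibited time slots

    def host_status(self, host: str) -> str:
        """Classify a target address against the agreed scope."""
        addr = ip_address(host)
        if any(addr in ip_network(net) for net in self.excluded):
            return "excluded"            # the do-not-touch list always wins
        if any(addr in ip_network(net) for net in self.allowed):
            return "in-scope"
        return "out-of-scope"

    def in_blackout(self, when: datetime) -> bool:
        """True if `when` (client-local time) falls in a prohibited slot."""
        day, t = when.weekday(), when.time()
        for start_day, start, end in self.blackout:
            if start <= end:             # window contained within one day
                if day == start_day and start <= t < end:
                    return True
            else:                        # window crosses midnight into next day
                if (day == start_day and t >= start) or (
                    day == (start_day + 1) % 7 and t < end
                ):
                    return True
        return False

    def authorize(self, host: str, when: datetime) -> Tuple[bool, str]:
        """Gate to call before any scanning or exploitation action."""
        status = self.host_status(host)
        if status != "in-scope":
            return False, f"{host} is {status}"
        if self.in_blackout(when):
            return False, f"{when:%A %H:%M} is inside a blackout window"
        return True, f"{host} may be tested at {when:%A %H:%M}"


# Constructed sample rules of engagement (not from any real engagement).
EXAMPLE_ROE = RulesOfEngagement(
    allowed=["10.20.0.0/16"],
    excluded=["10.20.5.10/32"],          # e.g. a production database host
    blackout=[
        (0, time(9, 0), time(17, 0)),    # no testing during Monday business hours
        (4, time(22, 0), time(6, 0)),    # Friday 22:00 through Saturday 06:00
    ],
)


def authorize_iso(host: str, iso_when: str) -> Tuple[bool, str]:
    """Convenience wrapper taking the time as an ISO 8601 string."""
    return EXAMPLE_ROE.authorize(host, datetime.fromisoformat(iso_when))


if __name__ == "__main__":
    for host, when in [("10.20.1.7", "2024-01-01T18:00"),    # Monday evening
                       ("10.20.5.10", "2024-01-01T18:00"),   # excluded host
                       ("10.20.1.7", "2024-01-06T03:00")]:   # Saturday 03:00
        print(authorize_iso(host, when))
```

Any scanner or exploitation step can be wrapped behind `authorize` so that an excluded host or a blackout window is refused by the tooling rather than remembered by the tester.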

Step 2: Exploration and vulnerability analysis

Depending on the type of pentest, this phase may be facilitated by existing information such as source code or architectural diagrams. In the case of black box testing, exploration focuses on mapping the network, exposed services, open ports, and operating systems, which must be discovered—unlike in white box testing, where this data is provided. This information is used to identify security flaws.

Step 3: Exploitation of vulnerabilities and final recommendations

The final step consists of exploiting the discovered flaws. This may include unauthorized access, reading sensitive data, or executing remote code. The goal is to understand the potential impact of each vulnerability in order to provide recommendations to reduce the risks.

Tools and Software for a Successful Pentest

Analysis tools

Automated tools exist to detect vulnerabilities, such as Nessus or the former ‘Open Vulnerability Assessment Scanner’ (OpenVAS), now known as Greenbone Vulnerability Management (GVM). These tools can detect outdated software, open ports, or misconfigured services. They are designed to provide visibility into known vulnerabilities—currently estimated at around 95,000—and can perform tens or even hundreds of thousands of tests depending on the configuration. They are capable of scanning across Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP).

Exploitation tools

To exploit vulnerabilities, tools like Kali Linux, Burp Suite, or Metasploit are commonly used to simulate real-world attacks. Indeed, exploiting vulnerabilities, just like a malicious actor would, may require a suite of tools. Kali Linux, for example, is a Linux distribution that offers a wide variety of tools to exploit these vulnerabilities in order to better illustrate the risks they pose. Metasploit is even pre-installed in Kali Linux, making it a foundational tool for exploitation testing.

It is essential to emphasize that the use of these tools—whether for detection or exploitation of vulnerabilities—must strictly adhere to a legal framework. Their use without explicit authorization may constitute a criminal offense. Any security testing or auditing process must be governed by clear contractual agreements, formal authorizations, and compliance with applicable regulations (such as the GDPR or local cybersecurity laws).

Becoming a Pentester: Skills, Training, and Salary

Technical skills and soft skills

First of all, it is essential to have technical skills in operating systems, programming, and a solid understanding of network and communication protocol concepts. More specifically, one must master the command line on Linux and Windows, understand protocols such as TCP/IP, HTTP, SMTP, FTP, and DNS, and be able to write scripts in languages like Python, Bash, or C++. But being technically skilled is not enough: ethics, critical thinking, and the ability to learn quickly are also crucial.

Training

A common path to becoming a pentester is to pursue a university degree in computer science, typically a three-year program. Nowadays, a Bachelor’s in cybersecurity is considered a good starting point. Then, intensive and specialized training programs, specifically for becoming a pentester, are offered by private institutions.

Certifications

Several certifications exist, such as OSCP (Offensive Security Certified Professional), CEH (EC-Council Certified Ethical Hacker), or CPT (Certified Penetration Tester). The choice should match your level of experience and skills. For example, the CEH is often seen as an intermediate-level certification, while the OSCP is generally considered advanced. To better understand the difference: the CEH is a 125-question exam lasting about four hours. In contrast, the OSCP is a hands-on test simulating a real network, lasting up to 23 hours and 45 minutes, and often requires one to two months of lab preparation.

Pentester salaries and career prospects in Switzerland

Salaries vary depending on experience, location, skills and the type of company you work for.

Why hire a pentest expert?

A pentest is a true simulation of a real-world situation. To effectively manage security and reputational risks, it is best to entrust this task to a professional with the best tools, in-depth knowledge, and solid experience. The rapid evolution of vulnerabilities requires constantly updated expertise to properly prepare the analysis and exploit the flaws, while also providing precise recommendations to mitigate risks.

While it is preferable to delegate the pentest to a professional, some good cybersecurity practices can still be applied directly by yourself.

Qim info, your cybersecurity partner in Switzerland

With digitalization, new opportunities arise, but so do new risks. Our mission is to manage them so you can focus on your core business. A professional pentest must be documented with a report delivered to the client, including evidence and remediation recommendations. Thanks to a proactive and integrated approach, we combine technology, processes, and human expertise to anticipate threats, protect your data, and control your costs.
