The goal of a penetration tester is distinct from that of a malicious hacker, although their methods might be the same. A hacker attempts to break into a network for malicious purposes; these can include, but are not limited to, defacing a website, obtaining sensitive data, or causing networked services to fail. A penetration tester, on the other hand, is hired for the purpose of assessing the security posture of a company. Whereas a hacker might spend months targeting a single site, a penetration testing firm is usually under a limited time frame. Because the intent of a penetration tester differs from that of a malicious hacker, the testing firm should ensure that the tester is auditing his actions. This serves two purposes:
A penetration tester should keep detailed logs of his actions. These should include the time of day, type of attack, test output, and any relevant screenshots. A separate file should be kept of these logs to be used in the creation of the report and to confirm the test results to the client.
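One way to keep such a log is sketched below as an added example that is not part of the original text. It records the four items named above in a separate JSON Lines file; the field names, the file name, and the hash chain linking each entry to the previous one are assumptions of this example, added so that a later edit or deletion can be detected when the log is used to confirm results to the client.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first entry

def _digest(entry):
    # Hash the canonical JSON of every field except the entry's own hash.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, test_type, target, output, screenshots=(), when=None):
    """Append one tester action to `log` (a list) and return the new entry."""
    when = when or datetime.now(timezone.utc)
    entry = {
        "time_utc": when.isoformat(),
        "test_type": test_type,
        "target": target,
        "output": output,
        # Name and SHA-256 of each screenshot, so the image file can be matched later.
        "screenshots": [{"name": n, "sha256": hashlib.sha256(b).hexdigest()}
                        for n, b in screenshots],
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify_log(log):
    """Return the index of the first entry that fails verification, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev or entry["entry_hash"] != _digest(entry):
            return i
        prev = entry["entry_hash"]
    return -1

def save_jsonl(log, path):
    """Write the log to its own file, one JSON object per line."""
    with open(path, "w", encoding="utf-8") as fh:
        for entry in log:
            fh.write(json.dumps(entry, sort_keys=True) + "\n")

if __name__ == "__main__":
    log = []  # constructed sample entries; 192.0.2.10 is a documentation address
    append_entry(log, "port scan", "192.0.2.10", "22/tcp open ssh",
                 [("scan-01.png", b"constructed image bytes")])
    append_entry(log, "banner grab", "192.0.2.10", "SSH-2.0-ExampleServer")
    save_jsonl(log, "pentest_audit.jsonl")
    print("first bad entry:", verify_log(log))
```

The chain only shows that entries were not altered after the fact if the latest `entry_hash` is also held by someone other than the tester, for example sent to the engagement lead at the end of each day.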