Over the last two weeks, I learned about the steps it takes to perform penetration testing against a target user / server. First, we have the reconnaissance step, which is always neglected because some people think it might not be that important. Logically, though, it is one of the most important steps, because this is where you thoroughly establish the identity of the person / organization / server, so that no time and effort is wasted on penetrating other entities that have nothing to do with your target. The second is mapping, in which the attacker maps the entire network to best understand how data flows from one web page to another and to see where they are connected. The third is discovery, in which the attacker exploits the vulnerabilities that the network possesses. The fourth is exploitation, wherein the attacker launches attacks against vulnerable parts of the web server to obtain the data / information that the attacker wants. And if necessary, the attacker would just need to repeat the steps all over again to launch another attack.
To further understand how it works first hand, we had an exercise in which we performed all these steps on the given websites. All went well and great, and I understood a lot more from it than I would have thought. The only thing that worries me is that some applications that are necessary to perform thorough attacks / penetration skills require payment to use.