{"id":16722,"date":"2021-11-29T15:42:11","date_gmt":"2021-11-29T10:12:11","guid":{"rendered":"https:\/\/www.getastra.com\/blog\/?p=16722"},"modified":"2026-04-17T16:41:13","modified_gmt":"2026-04-17T11:11:13","slug":"process","status":"publish","type":"post","link":"https:\/\/www.getastra.com\/blog\/penetration-testing\/process\/","title":{"rendered":"Breaking Down the Pentest Process: A 5-Step Guide"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">There were 5.6 billion malware attacks in 2020. As bad as it may look it was a 43% improvement on the stats from 2018. Google has been detecting <a href=\"https:\/\/www.comparitech.com\/antivirus\/malware-statistics-facts\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">600-800 malware infected sites per week<\/a> in 2021, whereas it had detected 3000+ per week in 2019. It is good news for all technology enthusiasts and security-minded people. But at the same time, there has been a <a href=\"https:\/\/www.isaca.org\/resources\/news-and-trends\/industry-news\/2021\/final-thoughts-on-the-state-of-cybersecurity-in-2021\" target=\"_blank\" rel=\"noreferrer noopener\">485% increment in ransomware attacks<\/a> since 2020 according to a survey by<em> ISACA<\/em>. There is no permanent relief from the fear of getting hacked.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It all boils down to how security conscious your organization is and how well prepared you are to survive cyber-attacks. Your best course of action is consistent penetration testing and vulnerability remediation. We will discuss what penetration testing is, what is the <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/penetration-testing\/\">Pentest<\/a> process, how it helps you defend your business and more.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"wrap-your-head-around-pentesting\"><span class=\"ez-toc-section\" id=\"Wrap_your_head_around_Pentesting\"><\/span>Wrap your head around Pentesting<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The underlying concept of Penetration testing or pen testing is simple. You invite security engineers to test your website, application, or network. They simulate a hack and try to penetrate your system. They find the weaknesses and try to assess how dangerous those weaknesses can be. Then they create a report documenting the vulnerabilities and recommending fixes.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A lot more than what meets the eye goes into the execution of a <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/what-is-vapt\/\" target=\"_blank\" rel=\"noreferrer noopener\">vulnerability assessment and penetration testing (VAPT)<\/a> operation. This article will cover five indispensable steps of the Pentest process. But before we get into all of that, let us understand why this is important.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"what-makes-pentesting-important\">What makes Pentesting important?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Cybercrime has reached a point of sophistication where targeted attacks are almost impossible to detect or prevent until some damage is done. 73% of black hat hackers opine that malware scanners are obsolete. However, there are <a href=\"https:\/\/business.yell.com\/knowledge\/average-30000-websites-hacked-every-day-secure\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">30,000 cyber attacks every day<\/a> and very few of them are targeted towards a particular organization.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When it comes to breaching a website, hackers want to cast as wide a net as possible, hence they automate the attacks. The only way to do that is to search for websites and networks with known vulnerabilities. For instance, a site using cross-site scripting or a vulnerable plugin is an easy target. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/why-penetration-testing-is-important\/\" target=\"_blank\" rel=\"noreferrer noopener\">You need consistent Pentesting because you do not<\/a><\/strong><a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/why-penetration-testing-is-important\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong> want to be an easy target.<\/strong><\/a><\/p>\n\n\n\n\n\n<h3 class=\"wp-block-heading\" id=\"who-needs-pentesting\">Who needs Pentesting?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Any business with a digital existence and a willingness to manage risk and protect their customers\u2019 interests should have penetration tests performed. However, regular penetration testing with pen-testing software is essential for certain industries.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Service providers<\/strong> need to conduct security audits every two quarters in order to stay SOC 2 compliant (SOC stands for Service Organization Control). Penetration testing is required as a part of the <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/soc-2-penetration-testing\/\">SOC 2 Type II audit<\/a>.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Banking institutes<\/strong> need penetration testing to stay compliant with the Payment Card Industry Data Security Standards (PCI DSS). This is essential to ensure the security of the sensitive data of cardholders.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Healthcare institutes<\/strong> operating under the Health Insurance Portability and Accountability Act, 1996 (HIPAA) are bound to conduct regular security audits and Pentesting is one of the popular methods to achieve that.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"whom-should-you-trust-it-with\">Whom should you trust it with?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">It is best to engage with professionals who are adequately trained to handle penetration tests and are well-equipped to ensure excellence at each step of the Pentest process. &nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You need to work with a company that offers:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Exhaustive range of tests<\/li>\n\n\n\n<li>A quick and comprehensive report<\/li>\n\n\n\n<li>Assistance in fixing the security loopholes<\/li>\n\n\n\n<li>And yet keeps it simple and hassle-free for you.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"the-pentest-process-explained\"><span class=\"ez-toc-section\" id=\"The_Pentest_Process_Explained\"><\/span>The Pentest Process Explained<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The Pentest process starts with planning, and ends with a report documenting the results and remediation, and there are three more stages in between. <strong>Let us see what the 5 steps in the Pentest process are<\/strong>, and why each of them is important.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"590\" height=\"394\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2021\/11\/Copy-of-Featured-Images-10.png\" alt=\"Steps in the Pentest Process illustrated by Astra \" class=\"wp-image-16725\" style=\"width:839px;height:560px\"\/><figcaption class=\"wp-element-caption\"><strong><em>Image: Different Steps in the Pentest Process<\/em><\/strong><\/figcaption><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\" id=\"step-1-plan\">Step 1. Plan<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This stage has a couple of aspects to it.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>The pen-testing team consults with the target organization, learns about their objectives, sets the rules of engagement, and agrees upon the legal implications.<\/li>\n\n\n\n<li>The pen testers use a variety of tools and techniques to gather as much intelligence as they can about the target. This makes their simulated attack more precise as well as fruitful.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">The planning stage determines the number of important factors before the rest of the Pentest process unfolds.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>The scope of the penetration test:<\/strong> It defines the assets that are within the <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/penetration-testing-scope\/\" target=\"_blank\" rel=\"noreferrer noopener\">scope of the pentest<\/a> as well as those that are out of scope.<\/li>\n\n\n\n<li><strong>Testing methodology to be used:<\/strong> The tools and techniques used for a test are determined in this stage.<\/li>\n\n\n\n<li><strong>Setting goals: <\/strong>The penetration test should address certain concerns the client might have, its result should also align with the business goals of the client organization.<\/li>\n\n\n\n<li><strong>Selecting potential vulnerabilities:<\/strong> The pre-engagement phase or the planning stage helps the pen-testers identify certain vulnerabilities that are most likely to be present in the client\u2019s systems.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"step-2-scan\">Step 2. Scan<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Once the planning and scoping is done, the obvious subsequent step is to scan the target system for vulnerabilities. The goal of penetration testing is to check the target system for a list of known vulnerabilities. All of that takes place in this stage.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>The scan can be automated, manual, or a combination of both.<\/strong> The last one is the most prescribed approach.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The tester sends probes to the target and monitors how the target responds to various inputs. One can use the static or <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/what-is-dast\/\" target=\"_blank\" rel=\"noreferrer noopener\">dynamic scan to test applications<\/a>. A lot of vulnerabilities are revealed during this stage. Some of them are<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SQL injection<\/li>\n\n\n\n<li>Cross-site scripting<\/li>\n\n\n\n<li>Remote code execution<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"step-3-gain-access\">Step 3. Gain access<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">When a hacker finds a vulnerability in your application or website, their goal is to use it as an entry point to gain access to valuable information and maintain and expand that access. The point of pentesting is simulating a hack to help you prepare for one, hence a Pentester does the same.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Gaining access to a target system can be as simple as accessing an exposed private URL but not always. <strong>Sometimes the Pentester may have to run an exploit in order to gain access<\/strong>. There are a couple of things to remember in this regard:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Not all vulnerabilities can be used to gain access, it is important to choose one that can.<\/li>\n\n\n\n<li>Pentesters should run an exploit to gain access only if they are absolutely sure that the vulnerability exists in the target system and if the rules of engagement allow it.<\/li>\n\n\n\n<li>The pentester must ensure that no system functionalities are compromised in the process of gaining access.<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\"><style>\n\n.astraWebAppWrap{\n  padding:35px;\n  border: 6px;\n  background-image: url('https:\/\/cdn-blog.getastra.com\/2024\/08\/838dc804-smallimgicbg.png');\n  background-size: cover;\n  background-repeat: no-repeat;\n  position: relative;\n  background-position: right;\n  height: 275px;\n  border-radius: 10px;\n  margin: 20px 0px; \n}\n\n.pentestHeading{\n  color: #575757;\n  font-size: 24px;\n  font-weight: 600;\n  color: #575757;\n  max-width: 450px;\n}\n\n.ctaWebAppHead {\n    display: flex;\n    align-items: center;\n    grid-gap: 1rem;\n}\n\n.ctaOne {\n    text-decoration: none;\n    background-color: #2F76F8;\n    color: #ffffff !important;\n    padding: 10px 25px;\n    border-radius: 6px;\n    font-weight: 600;\n}\n\n.ctaTwo {\n    text-decoration: none;\n    background-color: #24BC94;\n    color: #ffffff !important;\n    padding: 10px 25px;\n    border-radius: 6px;\n    font-weight: 600;\n}\n\n.spanBoldBlue {\n    color: #3078FE;\n    font-weight: 700;\n}\n\n.WebAppImg{\n  position: absolute;\n  bottom: 0px;\n  right: 10px;\n  height: 250px;\n  width: 240px;\n}\n\n@media(max-width: 768px){\n\n}\n\n@media(max-width: 576px){\n   .pentestHeading{\n      font-size: 28px;\n    }\n\n   .WebAppImg{\n     display: none;\n  }\n}\n\n<\/style>\n\n<div class=\"astraWebAppWrap\">\n  <p class=\"pentestHeading\">Make your Web Application <span class=\"spanBoldBlue\">the safest place on the Internet.<\/span><\/p>\n  <p style=\"font-size: 16px; line-height: 1.5;\">With our detailed and specially <br \/> curated Web security checklist.<\/p>\n\n  <div class=\"WebAppHead\">\n    <a href=\"https:\/\/astra.sh\/web-app-security-checklist\" class=\"ctaOne\" target=\"_blank\" rel=\"noopener\">Download Checklist<\/a>\n  <\/div>\n\n  <img decoding=\"async\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2024\/08\/96ad3cf0-girlcta.png\" alt=\"character\" class=\"WebAppImg\" \/>\n<\/div><\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"step-4-retain-and-elevate-access\">Step 4. Retain and elevate access<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Once the Pentester has access to the system, the task that follows is to maintain and elevate that access even after a system reboot or modification.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Attackers need a shell that gives them administrative access to make any real harm. By maintaining access they can look for opportunities to elevate access. They can use an exploit to do it. If it does not work, then they can look for additional vulnerabilities like misconfigurations or faulty file system permissions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Elevating access like this is also referred to as <strong>privilege escalation<\/strong> where an attacker escalates from low privilege to high privilege and gains deeper access into the system.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"step-5-analyze-and-report\">Step 5. Analyze and report<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Through the last four stages, the Pentester has identified the vulnerabilities, tried to exploit them, gained and escalated access with some of them. All these activities help the testers gather insights about the vulnerabilities.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The fifth phase consists of translating the insights into consumable information and then reporting them to the target organization.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The tester rates the vulnerabilities in terms of exploitability, severity, and the threat it poses to the business.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A detailed <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/penetration-testing-report\/\" target=\"_blank\" rel=\"noreferrer noopener\">VAPT report<\/a> is created with a list of the vulnerabilities, the score or rating corresponding to each vulnerability, and detailed guidance for remediation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/vapt-india\/\">VAPT providers<\/a> need to put two separate reports together &#8211; one to help the developers with the resolution of the issues, and the other one for the business users to comprehend the nature and severity of the <a href=\"https:\/\/www.getastra.com\/blog\/knowledge-base\/ecommerce-security-threats\/\" target=\"_blank\" rel=\"noreferrer noopener\">security threats<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"tools-used-in-different-stages-of-the-pentest-process\"><span class=\"ez-toc-section\" id=\"Tools_used_in_different_stages_of_the_Pentest_Process\"><\/span>Tools used in different stages of the Pentest Process<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">There are a lot of tools that you can choose from to conduct each step of the Pentest process. We are listing a handful of them here.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Shodan, <a href=\"https:\/\/www.netcraft.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Netcraft<\/a>, Threat Agent, Blind Elephant, are some tools used in the <strong>planning and recon stage<\/strong>.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Some tools used in the <strong>scanning stage<\/strong> are <a href=\"https:\/\/www.getastra.com\/website-vapt\" target=\"_blank\" rel=\"noreferrer noopener\">Astra vulnerability scanner<\/a>, Hydra, <a href=\"https:\/\/github.com\/FuzzySecurity\/PowerShell-Suite\" target=\"_blank\" rel=\"noreferrer noopener\">Powershell Suite<\/a>, <a href=\"https:\/\/github.com\/zmap\/zmap\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Zmap<\/a>, etc.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You can use tools like <a href=\"https:\/\/nmap.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Nmap<\/a>, <a href=\"https:\/\/www.metasploit.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Metasploit<\/a>, Burp Suite, for <strong>gaining and retaining access<\/strong>.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">In fact, a lot of these tools can be used for multiple stages of the Pentest if you know what you are doing.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Cyber security is a complicated subject with high stakes, hence, it is always recommended that you rely upon experts when it comes to running penetration tests or fixing vulnerabilities.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">There are open-source tools and free checklists that you can use to conduct a DIY pentest, but you already know how quickly things can go south once you try to exploit a vulnerability.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"let-astra-help\"><span class=\"ez-toc-section\" id=\"Let_Astra_help\"><\/span>Let Astra help&nbsp;&nbsp;&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Astra Security\u2019s Pentest solution can make the seemingly complex vulnerability management and penetration testing process seem like a breeze.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"768\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2021\/11\/Pentest-Suite-Creative-for-Review-Site-1-1.png\" alt=\"Pentest Process made simple by Astra\" class=\"wp-image-16728\"\/><figcaption class=\"wp-element-caption\"><em><strong>Astra Pentest Suite in Action<\/strong><\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">The security engineers at Astra run a large set of manual and automated tests to identify and rate vulnerabilities present in your system.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Your developers get a step-by-step video PoC to fix the vulnerabilities. They also get ample time with the security engineers to discuss any roadblocks in terms of remediation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Most importantly, you get a dedicated dashboard to monitor and fix the vulnerabilities even while the <a href=\"https:\/\/securityscan.getastra.com\/security-audit\" target=\"_blank\" rel=\"noreferrer noopener\">security audit<\/a> runs.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It does not get any simpler than this.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"in-conclusion\"><span class=\"ez-toc-section\" id=\"In_conclusion\"><\/span>In conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Penetration testing is a necessity even if it is not mandatory by your industry standards. Understanding how it works will help you assess the offers made by various VAPT companies. It will also help you ensure that you are getting the best solution available to you.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Now that you know how a Pentest works, and why you might need one, all you need to do is find a VAPT company that can cater to your specific needs.<\/p>\n\n\n\n\n\n<h2 class=\"wp-block-heading\" id=\"faqs\"><span class=\"ez-toc-section\" id=\"FAQs\"><\/span>FAQs<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1644857538079\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \"><strong>How much time does the Pentest Process take?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>The Pentest Process can take 4-10 days depending on the nature and scope of the Pentest. After you have fixed the identified vulnerabilities, the rescan can take half the time taken by the initial test.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1644857547449\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \"><strong>How much does Pentesting cost?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>The <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/penetration-testing-cost\/\" target=\"_blank\" rel=\"noreferrer noopener\">cost of penetration testing<\/a> for web applications is between $199and $5999 per scan, depending on the number of scans and the scope of the test. The cost of Pentesting for cloud infrastructures like AWS and GCP is between $499 and $999 per scan. \u00a0<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1644857630449\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \"><strong>Why should you trust Astra with Pentesting?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>With 9300+ tests according to global security standards, Astra ensures that all security loopholes are identified. The <a href=\"https:\/\/www.getastra.com\/pentest\" target=\"_blank\" rel=\"noreferrer noopener\">VAPT dashboard<\/a> offers dynamic visualization of the impact and severity of threats. It helps you prioritize the remediation. Astra assists you in fixing the vulnerabilities and certifies your web app.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1644857643721\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \"><strong>Do I get rescans after the vulnerabilities are fixed?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes, after you have finished fixing the vulnerabilities you will get 1-3 rescans based on the plan, to ensure all the loopholes are covered. You will have 30 days after the initial test completion to avail the rescans.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>There were 5.6 billion malware attacks in 2020. As bad as it may look it was a 43% improvement on the stats from 2018. Google has been detecting 600-800 malware infected sites per week in 2021, whereas it had detected 3000+ per week in 2019. It is good news for all technology enthusiasts and security-minded &#8230; <a title=\"Breaking Down the Pentest Process: A 5-Step Guide\" class=\"read-more\" href=\"https:\/\/www.getastra.com\/blog\/penetration-testing\/process\/\" aria-label=\"Read more about Breaking Down the Pentest Process: A 5-Step Guide\">Read more<\/a><\/p>\n","protected":false},"author":103,"featured_media":16724,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[722,58],"tags":[],"class_list":["post-16722","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-penetration-testing","category-astra-product"],"_links":{"self":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/16722","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/users\/103"}],"replies":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/comments?post=16722"}],"version-history":[{"count":9,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/16722\/revisions"}],"predecessor-version":[{"id":46535,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/16722\/revisions\/46535"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media\/16724"}],"wp:attachment":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media?parent=16722"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/categories?post=16722"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/tags?post=16722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}