If you are a member of a security penetration testing team, and you identify vulnerabilities and exploits, what should you obtain from the owners of the system in question prior to compromising and exploiting the known vulnerability? 

Several operating system distributions are geared towards penetration testing. Such distributions typically contain a pre-packaged and pre-configured set of tools. The penetration tester does not have to hunt down each individual tool, which might increase the risk complications—such as compile errors, dependency issues, and configuration errors.

A number of Linux distributions include known OS and application vulnerabilities, and can be deployed as targets to practice against. Such systems help new security professionals try the latest security tools in a lab environment. Examples include Damn Vulnerable Linux (DVL), the OWASP Web Testing Environment (WTW), and Metasploitable.

Most states have their own specific laws that deal with security breaches. Each have their own notification requirements that may be required.

Making sure your employees and contractors have the appropriate confidentiality and nondisclosure agreements in place are essential to preventing liability in the event of a data breach that may have been intentionally caused by one of these parties. Second, having a privacy policy that is developed and followed is also important.

Change your password.

Immediately, change your password on the affected site / service. If the hack encompasses numerous sites, be sure to change all of those passwords. This process becomes a lot easier if you are using effective password management.

Step-by-step explanation

Conducting a regular penetration test is a helpful way to identify serious vulnerabilities within your IT environment. A trusted ethical hacker performs the penetration test using a methodical and thorough approach.

The test is performed to identify weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.