Penetration Testing
How safe are your locks?
A penetration test (pen test or ethical hacking) is an authorized simulated cyberattack on a computer system, performed to evaluate the security of a system or network.
Put simply, a pen test is an authorized attempt to breach some or all of your system’s security, using the same tools and techniques an adversary might. The goals of a pen test will vary depending on the type of activity or vulnerabilities you are trying to identify.
The process identifies the target systems and a particular goal, then reviews available information and undertakes various means to attain that goal.
A penetration test target may be a:
- White box (which provides background and system information).
- Black box (which provides only basic or no information except the company name).
- Grey box (a combination of the two where limited knowledge of the target is shared with the auditor).
A penetration test can help determine whether a system is vulnerable to attack, whether the defences were sufficient, and which defences (if any) the test defeated.
Why Pen Test?
Types of Penetration Testing
Infrastructure (Network) Penetration Tests
Network penetration tests aim to identify and test security flaws, whether in servers and hosts, misconfigured wireless access points and firewalls, or insecure network protocols.
External Network Penetration Tests
External penetration tests identify and test security vulnerabilities that might allow attackers to gain access from outside the network.
Internal Network Penetration Tests
Internal penetration tests focus on what an attacker with inside access could achieve. An internal test will usually be done from the perspective of both an authenticated and a non-authenticated user to assess potential exploits. It will check for vulnerabilities affecting systems that reside within the network and are accessible by authorised login IDs, and for misconfigurations that could allow employees to access information and inadvertently leak it online.
Wireless Network Penetration Tests
If you use wireless technology, such as Wi-Fi, you should also consider wireless network penetration tests. These tests identify Wi-Fi networks, including wireless fingerprinting, information leakage and signal leakage, whilst determining encryption weaknesses, such as encryption cracking, wireless sniffing and session hijacking.
Web Application (software) Penetration Tests
Web application tests focus on vulnerabilities such as coding errors or software responding to certain requests in unintended ways.
Social Engineering Penetration Tests
As technical security measures improve, criminals increasingly use social engineering attacks such as phishing, pharming and business email compromise to gain access to target systems. Just as you should test your organization’s technological vulnerabilities, you should also test your staff’s susceptibility to phishing and other social engineering attacks.