What is Penetration Testing?
Penetration testing (or pen testing) is a simulated attack on a company network or application to identify weaknesses and vulnerabilities. These tests actively exploit vulnerabilities that can expose a company’s infrastructure, data, applications and processes, and are an industry-recognised approach to determining and quantifying risk.
Our expertise enables us to carry out a blend of technical and social assessments to identify and address cyber risks within an organisation, giving you a real-world diagnosis and offering practical solutions.
Types of Penetration Testing
There are internal and external penetration tests, depending on whether the organisation wants to assess vulnerabilities from within the organisation or external threats from the internet.
Internal penetration testing assesses security from the viewpoint of an individual who has access to the organisation’s premises. The tester assumes the identity of a user without credentials and, using the Local Area Network (LAN) or WiFi network, sees whether it is possible to escalate their privileges and gain access to sensitive company information inside the company firewall. Sensitive data can include financial information, research and development, and PCI card data.
External penetration testing will assess security from the viewpoint of an individual looking to access sensitive data over the internet, for example, a competitor or internet hacker. Security configurations on routers, firewalls, Web Application Firewalls (WAF), and Intrusion Detection Systems (IDS) will be tested and assessed for weaknesses.
Once penetration tests are complete, an in-depth technical review and a management report are produced. These highlight system vulnerabilities and areas that can be exploited, and give guidance on preventative countermeasures that meet security industry standards.