Penetration testing


Attack Simulations and Penetration Tests:


What is penetration testing?

The process of using approved, qualified personnel to conduct real-world attacks against a system so as to identify and correct security weaknesses before they are discovered and exploited by others.

Why conduct a penetration test?

Penetration testing helps safeguard your organization against failure, through:

  • Preventing financial loss through fraud (hackers, disgruntled employees) or through lost revenue due to unreliable business systems and processes.
  • Protecting your brand by avoiding loss of consumer confidence and business reputation.
  • Identifying vulnerabilities and quantifying their impact and likelihood so that they can be managed proactively; budget can be allocated and corrective measures implemented.

What can be tested?

All parts of the way that your organization captures, stores and processes information can be assessed: the systems that the information is stored in, the transmission channels that transport it, and the processes and personnel managing it.
Examples of areas that are commonly tested:

  • Off-the-shelf products (operating systems, applications, databases, networking equipment etc.)
  • Bespoke development (dynamic web sites, in-house applications etc.)
  • External network (firewalls, IDP, routers etc.)
  • Internal penetration testing (passwords, shares, open ports etc.)
  • Wireless (Wi-Fi, Bluetooth, IR, GSM, RFID etc.)
  • Personnel (social engineering etc.)
  • Physical (access controls, dumpster diving etc.)

What do you get for the money?

While a great deal of technical effort is applied during the testing and analysis, the real value of a penetration test is in the report and debriefing that you receive at the end. If they are not clear and easy to understand, then the whole exercise is of little worth.

Ideally the report and debriefing should be broken into sections that are specifically targeted at their intended audience. Executives need the business risks and possible solutions clearly described in layman's terms, managers need a broad overview of the situation without getting lost in detail, and technical personnel need a list of vulnerabilities to address, with recommended solutions.
