Penetration Testing

Types of Pentest

A pentest typically identifies the part of the system that is within scope and a particular goal – Such as accessing sensitive information without authorisation.

The test is performed, usually by various means so that all routes into the system are tested for vulnerabilities.

What is Network Pentesting?
Network pentesting is the testing of the security posture on your physical network infrastructure. This can be done in numerous ways i.e. from outside the network and attempt to remotely gain access to the network with very little or no information about the network (this is known as a black hat pentest). Having a great deal of the information about the network before you start is known as a white hat pentest and knowing some of the information is known as a grey hat pentest. A white hat pentest would be swifter and would potentially cover more of the network as it is already known whereas a black hat might not find all of the network.

Wireless pentesting will test the security posture of a wifi network infrastructure. Anyone within range of your wireless network may be able to break in and steal your sensitive information. A wireless pentest will identify any vulnerabilities and recommend any remediation to prevent this.

Web app pentesting. The majority of companies have some sort of web application such as a website or web programme involving a database that usually houses sensitive data. Testing any web app that can access this sensitive data is therefore crucial so that you can be confident that hackers are not going to be stealing this data.

We can provide a variety of pentest services including web app pentesting, wireless pentesting and Network pentesting. Once the pentest is carried out, a report is issued with any vulnerabilities found and any remediating actions to be carried out.

The test aims to simulate real-world situations – The hacker may have already gathered information on the target system in a targeted attack these are known as white box, black box and grey box tests:

White box
Background and system information are provided in advance to the tester.

Black box
Only basic information such as the company name is provided.

Grey Box
A grey box pentest is a combination of black and white box testing. Where only a limited amount of knowledge of the target is provided to the tester.

The results of the test will identify any issues with the system and whether they could be exploited during an attack (and estimate how vulnerable it is).

Any security issues that the penetration test discovers should be reported to the system owner directly and without delay. A penetration test reports should also assess the potential impacts to the business and suggest countermeasures to reduce or mitigate the risk.

The end goals of a pentest vary significantly depending on the type of activity approved for any given system and the primary goal focused on finding vulnerabilities that could be exploited by cybercriminals and informing the client of those issues along with recommended mitigation strategies.

We can provide a variety of pentest services including web app pentesting, wireless pentesting and Network pentesting. Once the pentest is carried out, a report is issued with any vulnerabilities found and any remediating actions to be carried out.