A penetration test, colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The test is performed to identify weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system’s features and data, as well as strengths, enabling a full risk assessment to be completed.
The process typically identifies the target systems and a particular goal, then reviews available information and undertakes various means to attain that goal. A penetration test target may be a white box (about which background and system information are provided in advance to the tester) or a black box (about which only basic information (if any) other than the company name is provided). A grey box penetration test is a combination of the two (where limited knowledge of the target is shared with the tester). A penetration test can help identify a system’s vulnerabilities to attack (and estimate how vulnerable it is).
Security issues that the penetration test uncovers should be reported to the system owner. Penetration test reports may also assess potential impacts to the organization and suggest countermeasures to reduce the risk.
The National Cyber Security Centre describes penetration testing as: “A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system’s security, using the same tools and techniques as an adversary might.”
The goals of a penetration test vary depending on the type of approved activity for any given engagement with the primary goal focused on finding vulnerabilities that could be exploited by a nefarious actor and informing the client of those vulnerabilities along with recommended mitigation strategies.
We can provide a variety of pentest services including Network pentest, wireless pentest and web app pentesting. Once the pentest is conducted a report is issued with any vulnerabilities found and any remediating actions to be carried out.
Network pentesting is testing the security posture on your physical network architecture. This can be done in several ways i.e. from outside the network and attempt to remotely access the network with little or no starting information (this is known as a black hat pentest). Having all the information about the network before you start is known as a white hat pentest and having some of the information is known as a grey hat pentest.
A white hat pentest would be quicker and would potentially cover more of the network as it is known whereas a black hat might not find an area to test.
Wireless pentesting will test the security posture of a wireless network. If someone is within range of your wireless network they may be able to break in and steal your data. A wireless pentest will identify any weaknesses and recommend any remediation to prevent this.
Web app pentesting. Most businesses have some sort of web application, website or web programme involving a database often housing sensitive data. Testing any web app that can access any sensitive data is crucial so that you can be confident that hackers are not going to be stealing the data.
Quotes For Services
For a quote on all or any services please contact us through the contact page.