What is Penetration Testing?
A Penetration Test, also known as a Pen Test, is a comprehensive way of testing an organisation’s cybersecurity vulnerabilities. If a hacker were going to target you - how would they do it and would they be successful?
Pen Testing doesn’t stop at simply discovering ways in which a criminal might gain unauthorised access to sensitive data or even take-over your systems for malicious purposes. It also simulates a real-world attack to determine how any defences will fare and the possible magnitude of a breach.
This is like a bank hiring someone to dress as a burglar and try to break into their building and gain access to the vault. If the ‘burglar’ succeeds and gets into the bank or the vault, the bank will gain valuable information on how they need to tighten their security measures.
What are the different types of pen tests?
White box Penetration Testing
In a white box test, the tester will be provided with some information ahead of time regarding your company’s security info.
Black box Penetration Testing
Also known as a ‘blind’ test, is when the tester is given no background information besides the name of the target company.
Covert Penetration Testing
Also known as a ‘double-blind’ pen test, this is a situation where almost no one in the company is aware that the pen test is happening, including the IT and security professionals who will be responding to the attack. For covert tests, it is especially important for the tester to have the scope and other details of the test in writing beforehand to avoid any problems with law enforcement.
External Penetration Testing
In an external test, the ethical hacker goes up against the company’s external-facing technology, such as their website and external network servers. This can mean conducting the attack from a remote location .
Internal Penetration Testing
In an internal test, the ethical hacker performs the test from the company’s internal network. This kind of test is useful in determining how much damage a disgruntled employee can cause from behind the company’s firewall.
Penetration testing will reveal if your servers or applications will resist hostile attacks and if the identified vulnerabilities can lead to further intrusion and exploitation.
Wondering why businesses conduct pen tests? Check out our blog 5 Reasons your business needs Penetration Testing or book in a discovery call with us today.