Penetration Testing is used to identify and report back on security vulnerabilities to allow you, as the client, to remedy the vulnerabilities and raise the level of security in order to protect your assets, whether physical or intellectual.
Penetration testing, also known as “pen testing,” is the practice of testing a computer system, network, or web application to identify vulnerabilities that an attacker could exploit. The goal of pen testing is to find and report on vulnerabilities that could be used to compromise the system, as well as to provide recommendations for how to fix those vulnerabilities. This helps organisations secure their systems and protect against potential cyber attacks. Pen testers use a variety of tools and techniques to try to “penetrate” the system, including trying known vulnerabilities, guessing passwords, and attempting to access restricted areas. They may also use social engineering tactics to try to gain access to sensitive information. The end result of a pen test is a report that details the vulnerabilities that were found and how they could be exploited, as well as recommendations for how to fix those vulnerabilities.
White Box
We have full access to all your information that is normally unavailable to external infiltrators.
Grey Box
Certain information is supplied, we would assess whether unauthorised, logical access can be gained via external components by the cyber criminal who has the same access as a customer or supplier.
Black Box
The system will be “attacked’ from the infiltrators perspective, the only information gathered by an actual attacker is used.
What is High-Value Penetration Testing and Why Is It Important?
A high-value penetration test has several aspects. (SANS)
- It models the activities of real-world attackers
- to find vulnerabilities in target systems
- and exploits them under controlled circumstances
- applying technical excellence to determine and document risk and potential business impact
- in a professional, safe fashion according to a carefully designed scope and rules of engagement
- with the goal of helping an organisation prioritise its resources in improving its security stance