OverviewPenetration Testing is the act of trying to ethically hack into a computer system, application or network. Penetration Tests are involved tests meant to simulate the effects of a determined attacker targetting your network.
In addition to trying to compromise your network, a penetration tester will also attempt to utilize the network access they might have gained to see what data they might be able to access while moving through your network.
Why Do Penetration Tests?Penetration Testing provides the most accurate ethical representation as to how well fortified your network or computer systems are against targetted and non-targetted attacks. Many organizations have had their network and systems built with security flaws that can be leveraged to break into a network and exfiltrate data.
Though an increased focus has been placed on security architecture in recent years, it is not uncommon to find flaws in security controls that can be used to steal or ransom your data.
How do they Work?Prior to the engagement our certified hacker will discuss the scope of the project with the client. Which machines are we to attack, and which methods can we employ to try to compromise the systems. Some clients choose a full "black box test", where there are no holds barred and we attempt to compromise the network by any means necessary. Others choose to place restrictions on which systems can be attacked.
Once the testing has been completed a report will be provided to the organization stating what data was accessed and how it was accessed.
How Do These Compare To Vulnerability Assessments?A frequently asked question is how Vulnerability Assessments compare to Penetration Tests. There are a few notable differences between the two.
Pricing - Vulnerability Assessments are priced based on the number of IP addressess that will be assessed. Penetration Testing is priced based on the estimated number of hours that will be required for the engagement.
Involvement - Penetration Tests tend to be much more involved that a Vulnerability Assessment. Penetration Tests will typically look to actively exploit security holes to gain access to a system, where Vulnerability Assessments do not attempt exploitation.
Stealth - Acting in a stealhy manner is not typically a high priority for Vulnerability Assessments, and as such sometimes Intrusion Prevention / Intrusion Detection systems are alerted. Penetration Testing is performed in a much more stealhy manner so as to attempt to elude your IPS / IDS systems for a more accurate representation as to what an attacker would be capable of.