A penetration test (pen test or ethical hacking) is an authorised simulated cyberattack on a computer system, performed to evaluate the security of a system or network.
In its simplest form, a pen test is an authorised attempt to breach some or all of your system's security, using the same tools and techniques an adversary might. The goals of a pen test will vary depending on the type of activity or vulnerabilities you are trying to identify.
The process identifies the target systems and a particular goal, then reviews available information and undertakes various means to attain that goal.
A penetration test target may be a;
Different types of penetration testing will focus on different aspects of your perimeter – the boundary that separates your network from the Internet.
Network penetration tests aim to identify and test security flaws, whether that be flaws in servers and hosts, misconfigured wireless access points and firewalls or insecure network protocols.
External penetration tests identify and test security vulnerabilities that might allow attackers to gain access from outside the network.
Internal penetration tests focus on what an attacker with inside access could achieve. An internal test will usually be done from the perspective of both an authenticated and a non-authenticated user to assess potential exploits. It will check for vulnerabilities affecting systems that reside within the network and are accessible by authorised login IDs, and for misconfigurations that could allow employees to access information and inadvertently leak it online.
If you use wireless technology, such as Wi-Fi, you should also consider wireless network penetration tests. These tests identify Wi-Fi networks, covering wireless fingerprinting, information leakage and signal leakage, whilst determining encryption weaknesses, such as susceptibility to encryption cracking, wireless sniffing and session hijacking.
Web application tests focus on vulnerabilities such as coding errors or software responding to certain requests in unintended ways.
As technical security measures improve, criminals increasingly use social engineering attacks such as phishing, pharming and BEC (business email compromise) to gain access to target systems.
So, just as you should test your organisation’s technological vulnerabilities, you should also test your staff’s susceptibility to phishing and other social engineering attacks.