What is Penetration Testing?
Penetration testing, sometimes referred to as Ethical hacking, is an authorised and approved attempt to gain access to computer systems, applications, or data by using strategies often employed by malicious attackers.
This enables the organisation to help identify and resolve any security vulnerabilities which could potentially be exploited by an attacker.
A penetration test should be carried out regularly as it can only validate weaknesses and vulnerabilities of known issues on the day of the test. Any changes to a system or application may introduce new vulnerabilities that could be discovered.
There are two main types of testing that can be performed, where different tests can be approached in a “Whitebox” or “Blackbox” fashion:
- Whitebox Testing: This is where full information about the target businesses networks and application is shared with the tester. This is a thorough test of the internal aspects of a system, focussing on code, architecture, and other low-level attributes.
- Blackbox Testing: This is when no information about the target business is shared with the tester. The test is performed from an external perspective and aimed at identifying ways an attacker can gain access to the organisation’s internal assets.
There are a multitude of tests that can be performed on a business depending on their use-case and the tools that they use, such as cloud services, a mesh Wi-Fi network, or a bespoke software solution. Some examples of tests include:
- Physical penetration testing – physical access controls on a premise.
- Social engineering – testing the people at the workplace.
- Web application testing – in-depth testing of website assets such as code, plugins, database etc.
- Client-side testing – vulnerabilities from the user perspective such as code injection, form hijacking etc.
- Wireless penetration testing – testing the Wi-Fi network of the workplace, and the devices connected to said network
- Network testing – testing servers, firewalls, switches, printers etc.
If you want to know more about how we can support you with penetration testing then get in touch today via [email protected]