Different approaches to pen testing
What is a Pen Test?
Penetration testing, also known as pen testing, is a security practice that simulates an attack by a real cybercriminal to bypass the security controls of computer systems, networks or applications. It helps to discover different types of vulnerabilities and risks to the business, and gives a measure of an organisation's resistance to an attack.
It is carried out based on a written contractual agreement between the tester and the business owner. Performing a pen test requires various levels of expertise and tools, and it is performed by a certified ethical hacker. Most pen tests are carried out from outside your business environment, but a test can also be done from inside the network to simulate an insider attack and estimate the damage a disgruntled employee could cause.
Pen tests are suitable for businesses that believe they already have the preferred security posture and want to test whether someone can break in, and what the level of risk is.
A full report is given at the end of the penetration test, detailing all the weaknesses found, graded according to severity. A guide is also provided with suggested remediation steps.
Black Box Testing
In black box testing, the tester has no prior knowledge of the system, its design or its features. This knowledge will be acquired by the tester only during the assessment. The test is unbiased because the designer of the system and the tester are independent of each other; this approach therefore simulates a real-world hack attempt and could find new attack vectors that were never conceived of before. Possible downsides are that some attack vectors could be missed and that the test team could inadvertently target a live subsystem that is business critical.
This test is conducted over a series of days, and gives you an overall picture of your company's preparedness for real-world hack attempts. A full report is given at the end of the black box test; all data is returned and no copies are kept. We can work through the test results with you and help draw up strategies to protect your data and strengthen the security posture of your business.
White Box Testing
This approach simulates possible attacks from an insider. The test team is provided with as much information as possible about the system, so that this knowledge helps them target specific internal controls and features and identify test cases. White box testing has the benefit of doing a deep and thorough test on the system while making the best use of time. It also extends the attack vectors to areas that black box testing has not reached.
Grey Box Testing
Grey box testing is positioned somewhere in between the black box and white box testing approaches. This method helps to mitigate the downsides of the other two. Some information is provided to the test team to channel their efforts towards areas that need to be thoroughly tested, while still maintaining a level of realism for a real-world simulated attack.
Why do you need a pen test?
Cybercrimes are ever increasing. Hacking tools and information on exploitable vulnerabilities are so easily available online that anyone with malicious intentions can launch a cyber-attack against your business to cause damage. A pen test helps you find vulnerabilities and fix them before an attacker does.
Most businesses make the mistake of thinking they are safe from cybercriminals without doing an assessment. So a penetration test can be used to identify dangers that you haven’t detected yet.
Sometimes businesses are not aware that they are being hacked and are already losing valuable data. If your data has already been breached, a pen test can help to uncover problems you didn't know existed.
With fast-evolving IT environments, it is common for vulnerabilities and the nature of attacks to evolve as well. These kinds of problems can be eliminated with constant assessments.
Maintaining the security posture involves frequent and comprehensive testing of the systems. With pen tests offering an independent view of the efficiency of security procedures, businesses can act to safeguard their assets.
Our Pen Test Solutions
We offer two kinds of Penetration test plans.
These are a one-off service, or a subscription-based service that can be subscribed to on an agreed schedule and that will actively search for new weaknesses in your online services and business processes. This is an innovative new approach to penetration testing and is highly recommended, as new vulnerabilities are being released every day.
Check out our vulnerability management programme that can assist you to plan cost effective pen testing.
We also assist you in post-pen-test remediation.
Contact us for a quote
Contact us for more information about our services or a free consultation. Alternatively, call and speak to an expert on 02032224060.
Pen Test Types
Web Application Penetration Testing
Internal Penetration Testing
External Infrastructure Penetration Testing