Penetration testing
What is a penetration test?
At its simplest, a penetration test is a security assessment: the process of actively evaluating your information security measures. The information systems will be tested to find any security issues, as opposed to a solely theoretical or paper-based audit. The results of the assessment will then be documented in a report.
Why do I need a penetration test?
Penetration testing helps safeguard your organisation against failure, and in the long term can.
- Preventing financial loss through fraud (hackers, extortionists and disgruntled employees)
- Proving due diligence and compliance to your industry regulators, customers and shareholders.
- From an operational perspective, penetration testing helps shape IT and information security strategy through:
  - Identifying vulnerabilities and quantifying their impact and likelihood so that they can be managed proactively; budget can be allocated and corrective measures implemented.
What can be tested?
All parts of the way that your organisation captures, stores and processes information can be assessed; the systems that the information is stored in, the transmission channels that transport it, and the processes and personnel that manage it. Examples of areas that are commonly tested are:
- Purchased products (operating systems, applications, databases, networking equipment etc.)
- Bespoke development (dynamic web sites, in-house applications etc.)
- Telephony (war-dialling, remote access etc.)
- Wireless (Wi-Fi, Bluetooth, IR, GSM, RFID etc.)
- Personnel (screening process, social engineering etc.)
- Physical (access controls, dumpster diving etc.)