Security Assessment Services

What is Penetration Testing?

Penetration testing can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.

The main objective of penetration testing is to determine security weaknesses. A penetration test can also be used to test an organization’s security policy compliance, its employees’ security awareness and the organization’s ability to identify and respond to security incidents.

Penetration tests are sometimes called white hat attacks because in a penetration test, the good guys are attempting to break in.

Penetration Testing strategies include:

Internal Testing

This test mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.

External Testing

This type of penetration test targets a company’s externally visible servers or devices including domain name servers (DNS), e-mail servers, Web servers or firewalls. The objective is to find out if an outside attacker can get in and how far they can get in once they’ve gained access.

Web Application Testing

Web application penetration testing refers to a set of services used to detect various security issues with web applications. Web Application Penetration Testing services help identify vulnerabilities and risks in web applications.