A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders (who do not have an authorized means of accessing the organization's systems) and malicious insiders (who have some level of authorized access). The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.
Security issues uncovered through the penetration test are presented to the system's owner. Effective penetration tests will couple this information with an accurate assessment of the potential impacts to the organization and outline a range of technical and procedural countermeasures to reduce risks.
Penetration tests are valuable for several reasons:
- Determining the feasibility of a particular set of attack vectors
- Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
- Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
- Assessing the magnitude of potential business and operational impacts of successful attacks
- Testing the ability of network defenders to successfully detect and respond to the attacks
- Providing evidence to support increased investments in security personnel and technology
Penetration tests are a component of a full security audit. For example, the Payment Card Industry Data Security Standard (PCI DSS), and security and auditing standard, requires both annual and ongoing penetration testing (after system changes).
The pro active way at staying ahead of the game.
- PCI Compliance Testing
- External and Internal IT Assets Vulerniblity and Exploitation
- Cloud Services and Protocal Vulerniblity and Exploitation (Website, Email, Virtualization, CRM, VPN, RDP, SIP, SSH Etc..)
- Human Element Testing (Social Engineering)
Our goal is to show you how your business could be hacked. With a detailed overview of how we did it and what it would take to fix. We offer Live Quesetion and Answer Training for Social Engineering.
9 times out of 10 we find the Human Element is that weak link. Situations like a fake web server could be an internal company website, a banking website, a hotel sign in page etc... The list goes on. We are able to help train you and your employees valuable lessons, tips and tricks to keep you safe from Hijackings like the one we displayed as an example. The best security AV/AS, IDS/IPS in the world can not save you from the end user... This type of attack is also know as a Social Engineering Attack. An Attack like this could be something as simple as a fake website, or a phone call claiming to be an IT Support Staff that needs you to reply to an email etc...