Penetration Testing

There is a considerable amount of confusion in the industry regarding  the differences between vulnerability scanning and penetration testing,  as the two phrases are commonly interchanged. However, their meaning and  implications are very different. A vulnerability assessment simply identifies and reports noted vulnerabilities, whereas a penetration test attempts to exploit the vulnerabilities to determine whether  unauthorized access or other malicious activity is possible. Penetration  testing typically includes network penetration testing and application  security testing as well as controls and processes around the networks  and applications, and should occur from both outside the network trying  to come in (external testing) and from inside the network.

A penetration test helps determine whether an organization is vulnerable to a cyberattack, whether the defensive measures are sufficient, and which security measure failed the test. It shows the strengths and weaknesses of the organization's infrastructure at a given point of time. The process of penetration testing is not casual, it involves lot of planning, taking explicit permission from the management, and then initiating tests safely without obstructing regular work flow.

What are the types of pen tests?

  • White box pen test - In a white box test, the tester  will be provided with some information ahead of time regarding the  target company’s security info.
  • Black box pen test - Also known as a ‘blind’ test, this  is one where the tester is given no background information besides the  name of the target company.
  • External pen test - In an external test, the tester goes up against the company’s external-facing technology, such as  their website and external network servers.
  • Internal pen test - In an internal test, the tester performs the test from the company’s internal network. This kind  of test is useful in determining how much damage a disgruntled employee  can cause.

Our testing follows methodologies outlined in the industry frameworks Open Source Security Testing Methodology Manual (OSSTMM) and the Penetration Testing Execution Standard (PTES).

Upon completion, your organization will receive a report of the findings from the penetration test. This information can  then be used to implement security upgrades to plug up any  vulnerabilities discovered during the test. 

The Services We Can Provide:

  • Simulate real-world attacks to provide a point-in-time assessment of vulnerabilities and threats to your organization