Penetration Testing

Often referred to as Pen Testing, this is a controlled, authorised simulation of a cyber attack carried out against one or more systems, applications, networks or devices. The objective is to rigorously evaluate how secure the target environment really is under realistic attack conditions.

While vulnerability scanning focuses on identifying known weaknesses, it stops short of attempting to exploit them. Penetration testing goes further by using the same tools, techniques and procedures as real attackers to actively exploit discovered vulnerabilities, as well as weaknesses in configuration or business logic that an automated scan might miss.

The aim of every Pen Test is to determine whether the confidentiality, integrity or availability (CIA) of the targeted device, application or service can be compromised, and to what extent.

Types of penetration testing:

• Black box external network testing
• Web application testing (credentialed)
• Internal “post-breach” simulation testing
• Social engineering
• Mobile application (iOS / Android)
• WiFi network assessments