An information security penetration test (pen
test) is a systematic probing of a system for
vulnerabilities. In most instances, the
penetration test is performed externally, from a
remote location, testing your systems much like
a hacker would, looking for weak points.
Penetration tests are used to evaluate
network entry points such as firewalls,
routers, and other equipment for misconfigurations
and other issues that can allow hackers access
to internal systems. In some cases, testing can
evaluate web servers and web site code for
risks. Since web sites tend to have a lot of
custom code, they are subject to a variety of
risks including SQL injection attacks,
cross-site scripting, and many other vulnerabilities.
Security risks develop on a daily basis. A
system that is secure one day may be wide open
the next. Penetration tests are a means of
evaluating your systems to ensure information
remains secure and your systems are available
when they are needed.
Penetration tests can range from simple
automated tools that look for the most basic
issues to more comprehensive approaches that
rely on the expertise of the person performing
the test. These higher-end approaches typically
emulate the process used by hackers, scanning
systems for vulnerabilities, evaluating the
results, running other tools to make additional
inroads into the network, evaluating and
responding as necessary to get deeper and deeper
into the system being evaluated.
The approach you use should consider the
sensitivity of the information you are
collecting and storing, the nature of your
business, and the size of your organization.
Most of all, the approach taken should answer
your most basic question.
What is your Question?
- The lowest cost approach typically
answers the question "Are there any major
security holes?"
- A comprehensive approach takes more time
and relies on the knowledge and experience
of the person performing the penetration
test. The comprehensive approach answers the
question "Is our information secure from
hackers?"
Before you choose your approach, make sure
you know your question. It will help you
properly align the right penetration test with
your specific needs.
Penetration testing helps protect your intellectual
property, reduce your risks, improve your
competitive position, and enhance your image and
reputation.