Penetration Testing - Do you Know the Question?

An information security penetration test (pen test) is a systematic probing of a system for vulnerabilities. In most instances, the penetration test is performed externally, from a remote location, testing your systems much like a hacker would, looking for weak points.

Penetration tests are used to evaluate network entry points such as firewalls, routers, and other equipment for misconfigurations and other issues that can allow hackers access to internal systems. In some cases, testing can evaluate web servers and web site code for risks. Since web sites tend to have a lot of custom code, they are subject to a variety of risks including SQL injection attacks, cross-site scripting, and many other vulnerabilities.

Security risks develop on a daily basis. A system that is secure one day may be wide open the next. Penetration tests are a means of evaluating your systems to ensure information remains secure and your systems are available when they are needed.

Penetration tests can range from simple automated tools that look for the most basic issues to more comprehensive approaches that rely on the expertise of the person performing the test. These higher-end approaches typically emulate the process used by hackers: scanning systems for vulnerabilities, evaluating the results, running other tools to make additional inroads into the network, and evaluating and responding as necessary to get deeper and deeper into the system being evaluated.

The approach you use should consider the sensitivity of the information you are collecting and storing, the nature of your business, and the size of your organization. Most of all, the approach taken should answer your most basic question.

What is your Question?

Before you choose your approach, make sure you know your question. It will help you properly align the right penetration test with your specific needs.

Penetration testing helps protect your intellectual property, reduce your risks, improve your competitive position, and enhance your image and reputation.

If You Want a "Security Audit"
You Need a Certified Auditor.
Certified Information Systems Auditors

Unlike a security consultant, Altius IT is certified as a Certified Information Systems Auditor to perform a security audit of your environment and issue reports and recommendations to secure your systems. After your audit, Altius IT's Auditor Opinion Letter and Secure Seal let your clients and prospects know you meet security best practice/compliance requirements.

See our In the News page for video clips of our experts on national television as well as over 40 publications featuring Altius IT. In addition to our auditor certifications we hold many security, technical, and project management credentials. More information is available on our About Us page.

Our comprehensive audit service uncovers gaps in your existing defenses so that you can better:

  • Fortify your information systems, applications, and network infrastructure
  • Comply with regulatory requirements
  • Protect your valuable assets