Performing a penetration test allows a business to test the robustness of their security controls as well as the security of their IT systems, network and website against a cyber attack. A pen-test will indicate whether an active attack by a malicious actor would be successful rather than just identify any vulnerabilities. This allows a business to plug holes in both their security controls and technical infrastructure before a real attack takes place.
Depending on the goal of the test a pentest starts with the tester having either no knowledge of the target, some knowledge, or full internal access to the target. This is known as black, grey or white box testing. Most effective is the former where the tester will begin by finding out as much information about the target as possible, then using any available routes of entry try to get a foothold within the business and breach its systems. This is done in a controlled manner and only as far as the test scope allows. Once the test is complete a report is prepared explaining the test findings and any recommendations.
Some of our recent clients we’ve helped…