What is a penetration test?
A penetration test will look to exploit any vulnerabilities in a systems security features such as default passwords on firewalls. A penetration test will look for ways to escalate privileges and gain access to important data etc.
Penetration testing tends to be more bespoke than Vulnerability scanning as it requires the tester to select the most appropriate approach to test for weaknesses and then find the necessary tools to perform the penetration test.
Internal and external penetration tests
The two approaches a penetration test uses to assess the security are an Internal and external penetration test.
An internal penetration test will look at the organisation’s system from the view of an employee, insider or someone who has gained physical access to the building. The test will ascertain how easy it is to access different areas and the authorisation required to do this.
An external penetration test will use tools and methodologies available to internet hackers to determine whether it is possible to gain access and manage to drill inside the organisation’s systems.
How are penetration tests used
There are different strategies that a penetration test can use to provide a simulation of how a hacker could present a risk to an organisation.
The result of the findings would be collated in a report detailing any weaknesses and providing advice on ways to secure your organisation against these threats.