
General Questions

Penetration Testing is a Network Security Service, which is one of several methods used to prevent unauthorised network intrusion.

Penetration testing is also commonly referred to as a pen test (or ethical hacking) and is a method used to perform security testing on a network system used by a business or other organisation. Pen tests involve a variety of methodologies designed to explore a network, identify potential vulnerabilities, and test them to confirm that the vulnerabilities are real.

When penetration testing is performed properly, the results allow network professionals to make recommendations for fixing problems within the network that were discovered during the pen test.  The main purpose of the pen test is to improve network security and provide protection for the entire network and connected devices against future attacks.

1- Hacking has now become an automated process

2- A pen test helps you find vulnerabilities and fix them before an attacker does

3- Penetration testing will help reveal problems you didn’t know existed

Black Box Testing

In a real-world cyber-attack, the hacker probably will not know all of the ins and outs of the IT infrastructure of a corporation. Because of this, he or she will launch an all-out, brute force attack against the IT infrastructure, in the hope of finding a vulnerability or weakness to latch onto.

In other words, in this type of Pen Test, there is no information given to the tester about the internal workings of the particular Web Application, nor about its source code or software architecture.

White Box Testing

In this type of Pen test, also known as “Clear Box Testing,” the tester has full knowledge and access to both the source code and software architecture of the Web Application. Because of this, a White Box Test can be accomplished in a much quicker time frame when compared to a Black Box Test. The other advantage of this is that a much more thorough Pen Test can be completed.

Gray Box Testing

As the name implies, this type of test is a combination of both the Black Box and the White Box Test. In other words, the penetration tester has only partial knowledge of the internal workings of the Web Application. This is often restricted to just getting access to the software code and system architecture diagrams.

Services of Penetration Tests

Now that the teams have been divided and their roles and responsibilities clearly defined, there are some different types of Pen Testing which can be engaged. These are as follows:

  • Network Services;
  • Web Application;
  • Client Side;
  • Wireless;
  • Social Engineering.

This is not an easy answer, because there are various factors that need to be considered before a test. These factors include:

  • The likelihood of being attacked – being a high-profile company or a high-value target (when companies hold lots of information that can be commoditised). High-profile companies are often mentioned in the media; a company can enter the limelight over inconsequential events and become the target of attacks.
  • The company’s presence in the press for the wrong reason – e.g. environment, political or human rights – will increase the likelihood of attacks.
  • Compliance requirements.
  • Use of open-source software, more vulnerable to automated attacks.
  • Significant changes to the company infrastructure or network.

Specific Questions

ISO 27001 Annex A 18.2.3 (Technical compliance review) and other related requirements call for a penetration test to be performed on the company.

An ISMS (information security management system) implementation project greatly benefits from penetration testing at three particular points:

  1. As part of the risk assessment process – a penetration test will identify vulnerabilities in any web applications, internal devices, Internet-facing IP addresses and applications and link them to identifiable threats.
  2. As part of the risk treatment – a penetration test ensures that controls work as designed.
  3. As part of the continual improvement process – a penetration test ensures that controls continue to work and that new threats and vulnerabilities are discovered and fixed.

While a talented 24/7 security operations center using good technological tools can prevent the vast majority of threats, your people outside of IT security play a critical role on the front lines of your company’s IT security efforts.

Here’s an analogy: how good is your home security system if you invite a criminal into your home?

Not good at all. Immediately, all security goes out the window. It’s no different with cyber security.

To use another analogy, let’s look at the medical model as applied to cyber security. You are going to come across bugs and viruses. It’s a fact of life. But it doesn’t mean you shouldn’t use good hygiene. The same applies to IT security. You should not just accept that hacks and breaches are going to happen, you should combat them and use good cyber hygiene.

Cyber-criminals and hackers are in the headlines almost every week. They can ruin a company's reputation and destroy the business. And the threat is increasing rapidly. This is why cybersecurity is becoming one of the world’s fastest growing business components.

But to be truly effective, cybersecurity shouldn't be just an application that comes in a box. It also must include expert teams of highly trained and qualified professionals who know how to secure every facet of the organization.

Unfortunately, these same organizations are struggling to fill the 1-2 million cybersecurity jobs they’ll need around the world by 2019. This means that you could have one of those in-demand positions. With National Keep’s Security Training and Certifications, you can acquire the hands-on, real-life skills and knowledge to become a critical resource for these organizations.

With any business service, cost varies quite a bit based on a set of variables. The following are the most common variables to affect the cost of penetration testing services:

  • Complexity: the size and complexity of your environment and network devices are probably the biggest factors of your penetration test quote. A more complex environment requires more labour to virtually walk through the network and exposed web applications looking for every possible vulnerability.
  • Methodology: each pen tester has a different way they conduct their penetration test. Some use more expensive tools than others, which could increase the price. But more expensive tools could reduce the time of your test, and produce higher quality results.
  • Experience: pen testers with more experience will be more expensive. Just remember, you get what you pay for. Beware of pen testers that offer prices that are too good to be true. They probably aren’t doing a thorough job. We suggest looking for penetration testers with credentials behind their name like CISSP, GIAC, CEH, or OSCP.
  • Onsite: most penetration tests can be done offsite; however, in rare cases that involve very large/complex environments, an onsite visit could be required to adequately test your business security. Onsite visits are also required if you request a physical security or social engineering penetration test.
  • Remediation: some pen testers include remediation assistance and/or retesting in their price. Others provide test results and disappear.