Penetration Testing is a Network Security Service, which is one of several methods used to prevent unauthorised network intrusion.
Penetration testing is also commonly referred to as a pen test (or ethical hacking) and is a method of performing security testing on a network system used by a business or other organisation. Pen tests involve a variety of methodologies designed to explore a network, identify potential vulnerabilities and then test them to confirm that they are real.
When penetration testing is performed properly, the results allow network professionals to make recommendations for fixing problems within the network that were discovered during the pen test. The main purpose of the pen test is to improve network security and provide protection for the entire network and connected devices against future attacks.
1- Hacking has now become an automated process
2- A pen test helps you find vulnerabilities and fix them before an attacker does
3- Penetration testing will help reveal problems you didn’t know existed
Black Box Testing
In a real-world cyber-attack, the hacker probably will not know all of the ins and outs of the IT infrastructure of a corporation. Because of this, they will launch an all-out, brute force attack against the IT infrastructure, in the hope of finding a vulnerability or weakness onto which they can latch.
In other words, in this type of Pen Test, there is no information given to the tester about the internal workings of the particular Web Application, nor about its source code or software architecture.
White Box Testing
In this type of Pen Test, also known as “Clear Box Testing,” the tester has full knowledge of and access to both the source code and software architecture of the Web Application. Because of this, a White Box Test can be accomplished in a much quicker time frame when compared to a Black Box Test. The other advantage of this is that a much more thorough Pen Test can be completed.
Gray Box Testing
As the name implies, this type of test is a combination of both the Black Box and the White Box Test. In other words, the penetration tester has only partial knowledge of the internal workings of the Web Application. This is often restricted to just getting access to the software code and system architecture diagrams.
Services of Penetration Tests
Now that the teams have been divided and their roles and responsibilities clearly defined, there are some different types of Pen Testing which can be engaged. These are as follows:
- Network Services;
- Web Application;
- Client Side;
- Social Engineering.
This is not an easy answer, because there are various factors that need to be considered before a test. These factors include:
- The likelihood of being attacked – being a high-profile company or a high-value target (when companies hold lots of information that can be commoditised). High-profile companies are often mentioned in the media; a company can enter the limelight over inconsequential events and become the target of attacks.
- The company’s presence in the press for the wrong reasons – e.g. environmental, political or human rights issues – will increase the likelihood of attacks.
- Compliance requirements.
- Use of open-source software, which is more vulnerable to automated attacks.
- Significant changes to the company infrastructure or network.