What is Penetration Testing?
Penetration testing (pen testing) is a security exercise that attempts to find and exploit vulnerabilities in a computer system. The purpose of this simulated attack is to identify any weak spots in a system's defences which attackers could take advantage of.
There are predominantly three types:
An internal pen test focuses on testing from within the organisation's infrastructure and is usually conducted on site. It is designed to identify any vulnerabilities which can be used to elevate privileges and gain further access to systems once a foothold has been made within the organisation.
It also deals with security holes that could be taken advantage of by a malicious insider, perhaps a disgruntled employee who wishes to cause damage to areas of the business outside of their usual access level.
The aim of an external pen test is to find ways to compromise your accessible (external) systems and services from the internet. The external pen test replicates the activities of real hackers, including executing exploits to attempt to gain control of systems.
The testers will also test the extent of any weaknesses discovered to see how far a malicious attacker could burrow into your network and what the business impact of a successful attack would be.
Web application penetration testing attempts to uncover vulnerabilities across websites and web applications, such as e-commerce platforms, content management systems, and customer relationship management software.
This type of test reviews the entire web application's security, including its underlying logic and custom functionality, to prevent data breaches.