What’s involved in a pen test?
A penetration test follows the same set procedure. Firstly, the scope of the test must be established with the customer. From this reconnaissance is conducted to assess all pages that are to be tested. A scan will then be conducted to see if access to the system can be gained. Once inside the ethical hacker will then try to move laterally within the system to see if there are further weaknesses to more critical data.
How long does a pen test take?
Pen testing depends upon the scope of the test. Key factors include the number of digital assets and the size of the network to be tested. Some tests will only require remote testing but some will require an element of social engineering, and the test set up will vary, i.e. whether the hacker and the security personnel are working together or whether a test is conducted without the security personnel knowing.
Why are there so many different prices for penetration testing? Surely it’s the same thing?
The price is proportionate to the time it takes to do a penetration test and the level of detail required by the client within the test (scope). Some tests can be conducted for free which we carry out for clients on a regular basis.
Difference between a Pen Test and a Vulnerability Scan?
A vulnerability scan is the use of digital tools to scan for known vulnerabilities. A full penetration test includes vulnerability scanning but also relies upon human intervention to simulate a cyber attack working along side known tools used for hacking.