Penetration Testing is used for analysing the security on IT systems. From the test security measures can be put in place.
What is Penetration Testing?
Penetration Testing is the simulation of cyber attacks to assess the security of the systems put in place by a company. They can cover digital systems aswell as operational over the phone and by post, depending on the level of testing conducted.
It must be noted that penetration is an assessment of the management procedures put in place to defend against cyber attacks, not to identify further vulnerabilities.
What’s Included in a Pen Test
The objective of a penetration should always be to improve the management procedures used to defend against cyber attacks.
The techniques used, system knowledge, and what is being targeted can all vary depending on the test. As standard, tests are conducted every 12 months and tests are different depending upon the systems being checked.
Types of Penetration Testing
Whitebox testing – where the internal vulnerabilities are assessed and identified.
Blackbox testing – this is conductive externally and is a way of identifying vulnerabilities in accessing IT assets.
The test report should include security issues that have been discovered, that level of risk that is present to the organisation, how to resolve the issues, advice on how to improve security, and assessment on the accuracy of the report.