The objective of penetration testing is to assess the strengths, weaknesses and vulnerabilities around the security of a company’s digital assets. The server being the platform on which emails and websites are hosted is obviously a critical component in any penetration test.
Some hosting companies are lax when it comes to keeping hardware and security up to date and that can lead to vulnerabilities.
When we conduct a server penetration test we analyse the following areas:
Server Infrastructure: what is the server, and how is it configured, and is that secure.
Server Applications: what does the server do, what data does it hold and what functionality is it capable of.
Server Authentication: what protocols are in place, and how strong are they, in authenticating users.