Pentesting is a special form of security analysis where an audit team emulates a hacker and tries to gain access to private networks, internal company services, billing servers, the workstations of everyone from rank-and-file staff to management, and so on. While the goals of an attacker are always destructive - blocking, Denial of Service, data corruption, theft - a penetration testing team adopts the cybercriminal mantle to secure the client and harden systems.
Typical Penetration Testing process:
Reconnaissance - gathering information about domains, endpoints, software in use by the company, server location and network infrastructure. Other services available upon request.
Scanning web/mail/network applications with automated tools that can pinpoint potential weaknesses and known vulnerabilities.
Reviewing discovered security flaws and scrupulous manual testing of critical functionality to uncover more attack vectors.
Exploiting vulnerabilities to achieve the goal or get closer to it.
At this stage we see whether the goal is achieved. If it's not, we need to go deeper.
Creating an informative and visually approachable report that describes the path an attacker could take to achieve an intrusive goal, and our recommendations to secure your infrastructure.
Social engineering attacks are often used during penetration testing. These sorts of security activities (looking at phishing sites, reading spoofed email, chatting with their fake boss) will help your employees boost their computer literacy, and it can be fun!
Ready to talk? Drop us a line. We’ll be glad to answer your questions and assist you in becoming firstname.lastname@example.org