Penetration testing, also referred to as “pen testing” or “ethical hacking”, is the process of testing a computer network, application or computer system to identify security issues that could be exploited by a cyber attacker. This testing is also referred to as a “white hat attack” because in a pen test, the good guys are attempting to break in before the bad guys identify the vulnerabilities.
Penetration testing can be performed manually or can be automated, using a software application. The primary objective is to gather information about the target and identify possible entry points, attempting to penetrate the network or device and then reporting back the findings to the IT management staff.
The primary goal of penetration testing is to identify potential security problems before they’re exploited by a cybercriminal. Penetration testing typically varies for different combinations of on premise systems and cloud networking. Penetration testing can also be used to test drive a company’s security procedures and ensure that employees are familiar with and adhering to the company’s security policy, in order to prevent unanticipated security incidents.
As a rule, the information gathered during penetration testing is compiled and provided to the company’s IT management staff, ensuring that they’re aware of lapses in security and can proactively and strategically address problems uncovered in the penetration testing. The reports created during a penetration test provide detailed feedback and actionable items so that the company can prioritize the investment in their network security.
These reports can also educate application developers about how they can create more secure applications. If software developers know how the hackers broke into their application, they can be proactive to ensure it doesn’t happen moving forward and correct problems with their current software release.
How Frequently Should you Perform Penetration Testing?
Ideally, once a year is a good rule of thumb. In addition to performing regulatory-mandated assessments, penetration tests should also be performed when your business:
- Adds new applications or network infrastructure
- Invests in significant upgrades to premise infrastructure or applications
- Opens a new office
- Installs security patches
Penetration testing is typically tailored to the individual business, in addition to common risk factors associated with the industries in which they operate. Using various pen testing methodologies helps the ethical hacker focus on the identified systems and gain insight into the types of attacks that could cause the most havoc. This might include focusing on specific IP addresses, network infrastructure, source code and protocols used. A thorough penetration test will provide technical assistance and follow-up, as well as evaluation tasks to ensure the vulnerabilities are corrected and do not show up in future penetration tests.
Clarus Communications has been providing telecommunications and data services, since 2001, in St. Louis, Missouri. If you would like additional information on Penetration Testing for your organization, contact us today and someone from our company will be back in touch with you to schedule our services.