Your vulnerability data is only as accurate as it is current
Penetration tests offer a holistic test of your complete security posture
Why use Penetration Testing / Ethical Hacking?
- Present the feasibility of an attack and the potential risks from such an event taking place.
- Explain the business impact of the vulnerabilities being discovered and exploited by a malicious user.
- Demonstrate what a hacker / malicious user would be able to achieve.
- Expose issues which an automated scanner would not always identify.
- Cover logic-based applications (i.e. web applications) in depth from a user's perspective.
- Assess Vulnerabilities
- Test Defenses
- Comply with Regulations
Penetration Testing Service Types
May include (but not limited to):
Internal
An internal security test takes place on the customer's premises, where all systems including servers, workstations and network devices are accessible.
Internal tests can include wireless testing, firewall rules review, VoIP assessment, server forensic audits, architecture review and more.
Testers explore whether your network is properly segmented using VLAN best practices.
External
External network security assessments are a one-off in-depth assessment of your externally facing, perimeter network. This can include testing for proper load balancing, SSL configurations, and DNS settings. These assessments are often conducted in conjunction with a web application test.
Vulnerability scanning evaluates a system for potential vulnerabilities or weak configurations, is largely automated and can only ever find a subset of security issues. Penetration testing, on the other hand, is a manual process performed by a human. A penetration tester will use tools as a part of their work, but they apply their human ingenuity to exploit vulnerabilities and illustrate what an attacker might be capable of when targeting a particular system.