The IT industry has some fantastic terminology, one example being the penetration test, or pen test. The looks you can get from people when talking about this can be quite surprising at times. But what is a penetration test, and why should you look at getting one?
What is a penetration test?
A penetration test is a controlled, simulated attack performed on a company's network or associated infrastructure by a company that employs ethical hackers. An ethical hacker utilises the same tools of the trade as malicious attackers to identify weaknesses within systems and then tries to take advantage of them to obtain any information possible.
Penetration tests come in several flavours and are customised to the client’s needs. The test is conducted primarily as a black-box, grey-box or white-box test; these types define how much the tester knows about the company, or target. The type of test conducted determines how long the test will take, its complexity and the overall cost.
Once the test type has been defined, the scope of the test will also be agreed. This ensures that the testers know the limits and don’t test devices or systems that they shouldn’t. It is also beneficial to companies to allow the testers to test as much as possible and give them as much flexibility as possible, as this will give you the best overall results.
Once the test has been completed, you will receive a detailed report from the testing company showing any vulnerabilities, weaknesses, intrusions and their findings. This report is usually made up of an executive summary for management and then a more technical section for the people who will need to resolve any issues identified.
Why do you need one?
Now that you know what a penetration test is, why do you need one? You should look at performing a penetration test to ensure that your business and IT systems are secure. Businesses should conduct regular testing for the following reasons:
- To determine any weaknesses in your IT infrastructure and web applications
- To determine that the business has implemented the appropriate security controls and that they are in place and effective
- To ensure that your web applications are safe from malicious attackers
- To help protect your business against any potential breaches
You should look to implement a penetration test at least annually, as things change within businesses: new staff start, and new hardware is added and re-configured. If you are a technical company and/or a software-as-a-service business hosting a web-based application, you may need to have quarterly tests.
InfoSec Governance provides comprehensive penetration testing services and additional services which can help your business ensure it’s safe and secure. For more information, you can see our services at: https://isgovern.com/services/security-testing/ or you can contact us on 01325 628587