Penetration testing is an often-confused term. Its focus is on finding security vulnerabilities in a target environment that could let an attacker penetrate the network or computer systems, or steal information.
From a business perspective, penetration testing helps safeguard your organization against failure, through:
From an operational perspective, penetration testing helps shape information security strategy through:
Your organization should have conducted a risk assessment, so you will be aware of the main threats (such as communications failure, e-commerce failure, loss of confidential information, etc.) and can now use a security assessment to identify any vulnerabilities that are related to these threats. It is important to understand what a security assessment, a vulnerability assessment, an audit, and a penetration test are.
Many people use the phrases "Security Assessment" and "Vulnerability Assessment" to describe the work done by penetration testers and ethical hackers. But there is a subtle distinction between the ideas of a penetration test and a security assessment.
A penetration test is focused on getting in or stealing data. The emphasis is on penetration of the target environment by exploiting discovered vulnerabilities.
Security assessments and vulnerability assessments are focused on finding vulnerabilities, often without regard to actually exploiting them and getting in.
Thus, penetration testing often goes deeper, with its goal of taking over systems and stealing data, while security and vulnerability assessments are broader, involving the process of looking for security flaws.
A security audit measures things against a fixed, pre-determined, rigorous set of standards. These audits are almost always done with detailed checklists.
Define a limited scope. Most organizations don't and can't test everything, due to resource constraints. We test those elements of your infrastructure that are deemed most vital.
Penetration testing and ethical hacking should be components of an overall security vulnerability discovery and remediation process in an organization, applied throughout the lifecycle of various IT projects. This process should then be applied regularly as changes are made to the environment, as new security weaknesses are discovered by researchers, and as new threats are manifested against the organization.
Testing Methodologies used:
Open Source Security Testing Methodology Manual (OSSTMM)
NIST Special Publication 800-42: Guideline to Network Security Testing
Open Web Application Security Project (OWASP) Testing Guide
Penetration Testing Framework
Our aim is to help provide the right solution for your business needs. Let pbnetworks be your solution provider.