Penetration Testing, commonly known as pen testing refers to ethical hacking where the computer system, network or web application is hacked to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually. Either way, the process involves gathering information about the target before the test, identifying possible entry points, attempting to break in, either virtually or for real and reporting back the findings. The main objective of penetration testing is to identify system weaknesses and thus provide additional security. Pen testing enables the security team of the organization to make strategic decisions and prioritize remediation efforts. Penetration tests are also sometimes called white hat attacks because in a pen test, the good guys are attempting to break in.
Organizations should perform pen testing regularly to ensure more consistent network security and IT management. In addition to conducting regulatory-mandated analysis and assessments, penetration tests may also be run whenever an organization:
- adds new network infrastructure or applications
- makes significant upgrades or modifications to its applications or infrastructure
- establishes offices in new locations
- applies security patches
- modifies end-user policies
Penetration testing is a five stage process. It begins with Planning and scanning followed by gaining access and maintaining access. The last step is analysis and WAF configuration. Penetration testing could be done in various ways-
- External testing
- Internal testing
- Blind testing
- Double-blind testing
- Targeted testing
At ThoughtStorm, we aim to provide our clients with the type of testing they wish to implement in their systems and provide the required security upgrades.
