What is Penetration Testing?
Penetration Test (also known as Pentest) is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders (who has no authorized access to organization’s systems) and malicious insiders (who has some level of authorized access). The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.
What does Security Assessment and Pentest involve?
The general scope of Security Assessment and Penetration Testing consists of the following:
- Information Reconnaissance.
- Network Mapping.
- System and Network Vulnerability Identification.
- Vulnerability Validation and Exploitation.
- Web Application Penetration Testing.
- Social Engineering.
After all the above mentioned security assessment and pentesting procedures are carried out, a detailed findings report is prepared and shared with the client.
When should Penetration testing be carried out?
Penetration Test should be carried out on any computer system that is to be deployed in a hostile environment, in particular any Internet facing site, before it is deployed. This will only provide a level of practical assurance that any malicious user will not be able to penetrate the system.
For more information on Penetration testing, please contact us at ITSECURITY@LISTSERV.SYR.EDU