Penetration testing is an invaluable tool for any business or organisation which seeks to properly manage risk. Individual tests can be commissioned on discrete elements of the organisation’s IT system to identify vulnerabilities, which could be exploited by third parties for malicious purposes, precipitating financial or reputational damage. Following the test, the client receives a report outlining the test performed, vulnerabilities identified, associated risks and recommendations regarding corrective actions or improvements to mitigate those risks.
Penetration tests can be conducted at several different levels depending upon the client’s needs. From a basic Vulnerability Scan (Level 0) through a Level 1 Test, which will take the vulnerabilities identified in a Level 0 test to report the likely probability and impact if these vulnerabilities were exploited through to Level 2, when the vulnerabilities found are subjected to simulated attack to establish the extent of network penetration in order to understand most fully the impact of any such attack. These tests can be commissioned on a discreet part of a client’s system or a combination or elements.
•Network penetration test.
•Web application penetration test.
•Wireless network penetration test.
•Infrastructure penetration test.
•Website penetration test.
•Identifies specific vulnerabilities and their associated risk profile, enabling a risk based and targeted remediation strategy, which can be more cost effective, representing better value for money to the client organisation.
•Some accrediting bodies require penetration tests be conducted as part of their certification process.