Penetration testing is a method of assessing the security of a system or network by emulating a real attack scenario in which a security consultant assumes the role of a motivated but non-destructive 'hacker'. The ultimate goal of the penetration test is to raise the security of the target system.
The process involves an active evaluation of the system to discover the weaknesses affecting it. As part of the penetration test the security consultant will not only identify the weaknesses but also exploit them in order to determine the real risk of the threat for the business.
As a result of the test, a report is handed to the owner of the system. The report details the security issues found during the penetration test, including the impact of each issue and the risk for the business. For each security issue covered in the report, a detailed explanation of mitigating actions and recommendations is provided.
There are two main approaches for penetration tests based on the initial level of knowledge of the target system:
Black Box Penetration Test: In a black box penetration test the consultants conduct the assessment with no knowledge of the system other than the target host or network. This provides a very realistic scenario of an anonymous uninformed attacker.
White Box Penetration Test: In a white box assessment the consultants are provided with all the necessary details of the target system. This usually includes network maps, infrastructure details and even source code. Depending on the scenario, white box penetration tests can be more focussed and therefore cut the amount of resources needed for a test.
Any interactive system can be the subject of a penetration test; however, the most common alternatives are:
Web Application Penetration Test: A web application penetration test is a scenario that emulates a 'hacker' looking to gain unauthorised access to the targeted website infrastructure from outside the organization, typically via the Internet.
External Penetration Test: External penetration tests are used to identify, evaluate and remediate the security vulnerabilities affecting an external infrastructure which may be compromised to allow unauthorised access to systems or data from the Internet.
Internal Penetration Test: Internal penetration tests recreate the scenario of an attacker connected to the company's internal network or a disgruntled employee.
For more information, please contact us with no obligation and we will explain in detail what we do and how we can benefit your organization.