Penetration Testing

Also known as Pen Testing, this is an authorized, controlled and simulated cyber attack service that is conducted on one or more computer systems, applications, networks or devices. It is performed to evaluate the security of the system under test.

While vulnerability scans look for known security issues, a vulnerability scan does not attempt to exploit them as a Pen Test does. Penetration Testing takes the extra step and uses tools, techniques and procedures that hackers use to attempt to exploit any identified vulnerabilities and any other flaws in the configuration or business logic that may exist.

The goal of a Pen Test is to always try to impact any of the Confidentiality, Integrity or Availability (CIA) of the device, application or service being tested.

Types of penetration testing:

• Black box external network testing
• Web application testing (credentialed)
• Internal “post-breach” simulation testing
• Social engineering
• Mobile application (iOS / Android)
• Wifi network