Penetration Testing, or a pen test, “is a method of evaluating the security of a system or network by simulating an attack from malicious outsiders (who do not have an authorized means of accessing the organization’s systems) and malicious insiders (who have some level of authorized access).” The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures.
At CommSec, our security consultants carry out this analysis from the position of a potential attacker, and it can involve active exploitation of security vulnerabilities with a view to improving the security of your system or network. We can provide this service on its own or as part of our Security Assessment and Audit service. Security issues uncovered through the penetration test are presented to the system’s owner. Effective penetration tests will couple this information with an accurate assessment of the potential impacts to the organization and outline a range of technical and procedural countermeasures to reduce risks.
Why do a pen test?
- Determine the feasibility of a particular set of attack vectors
- Identify higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
- Identify vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
- Assess the magnitude of potential business and operational impacts of successful attacks
- Test the ability of network defenders to successfully detect and respond to the attacks
- Provide evidence to support increased investments in security personnel and technology