A penetration test is a detailed review of an organization’s overall defense effectiveness, performed by simulating a hacker targeting the organization’s network and data assets. Testing is performed manually, includes active exploitation, is multi-vectored, and often reveals many findings that a standard vulnerability assessment misses. In addition, a penetration test has a goal or “trophy” in mind, such as gaining access to confidential client information, intellectual property, administrator access, etc. Penetration testing is best used to test the effectiveness and resiliency of a matured security defense where a vulnerability management process already exists.
A penetration test typically involves performing information reconnaissance about a target organization, network mapping, system fingerprinting and enumeration, identifying vulnerabilities, exploitation, gaining and maintaining privileged access, evidence gathering, cleaning up, and reporting. The penetration test can be conducted externally from the Internet, acting as an outsider, and/or internally from inside the corporate LAN, acting as a malicious insider. Different types of penetration tests can be performed with different goals in mind: a “white box” test, which can leverage data from provided information or a vulnerability assessment, and a “black box” test, which is performed with limited knowledge of the organization’s assets and defenses.
Below are the different types of penetration tests CDL typically conducts:
Copyright © 2019 Cyber Defense Labs - All Rights Reserved.