The term Penetration Test is often used ambiguously. For some, it means actively attempting to hack into a network. For others, it means something closer to an external port scan.
At FRSecure, we take the time to understand your needs, then we deliver. If what you need is an extensive attempt to break in, then that’s what we do.
If you’re like most businesses, though, you probably want someone to identify vulnerabilities in your external security, validate that they’re real, and give you good, actionable recommendations on what to do about them.
A partial list of activities in an FRSecure penetration test:
- Identification of vulnerabilities associated with externally/publicly available information resources
- Verification of vulnerabilities associated with externally/publicly available information resources
- Recommendations for risk remediation
- Internet Searches
- Google Hacking
- Social Media Search and Discovery
In general, a penetration test (occasionally pen-test) is a method of evaluating computer and network security by simulating an attack on a computer system or network from external threats. The process involves an active, simulated attack, usually against firewalls and/or web applications, with the goal of identifying any potential vulnerabilities resulting from system configuration issues, known and unknown hardware or software flaws, or operational weaknesses. This analysis is carried out from the position of a potential attacker and can, but usually does not, involve active exploitation of security vulnerabilities.
Security issues uncovered through the penetration test are verified, scored, documented and reported. Effective penetration tests result in adequate reporting that enables the organization to make risk-based decisions on the mitigation or acceptance of identified vulnerabilities.
- Determining the feasibility of specific types of attacks
- Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities
- Identifying vulnerabilities that may be difficult or impossible to detect with automated scanning software
- Assessing the magnitude of potential business and operational impacts of successful attacks
- Testing the ability of intrusion detection and intrusion prevention systems to successfully detect and respond to the attacks
- Providing evidence to support increased investments in security personnel and technology
Penetration tests are a component of a full Security Audit or Assessment and are often required by clients or regulators. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires both annual and ongoing penetration testing.