PrivacyAid

Penetration Testing

A penetration test, colloquially known as a pen test, pentest or ethical hacking, is an authorised simulated cyberattack on a computer system, performed to evaluate the security of the system.

The test is performed to identify both weaknesses (also referred to as vulnerabilities), including the potential for unauthorised parties to gain access to the system’s features and data.

The National Cyber Security Centre describes penetration testing as the following: “A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system’s security, using the same tools and techniques as an adversary might.” [10]

The goals of a penetration test vary depending on the type of approved activity for any given engagement with the primary goal focused on finding vulnerabilities that could be exploited by a nefarious actor and informing the client of those vulnerabilities along with recommended mitigation strategies.

Penetration tests are a component of a full security audit. For example, the Payment Card Industry Data Security Standard requires penetration testing on a regular schedule, and after system changes.

Several standard frameworks and methodologies exist for conducting penetration tests. These include the Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), the NIST Special Publication 800-115, the Information System Security Assessment Framework (ISSAF) and the OWASP Testing Guide.

PrivacyAid works in conjunction with iSTORM to offer a full range of Penetration Testing services.

Stay ahead of the hackers and protect your critical data

Get in touch...

View our privacy policy here