What you should know about pen test

July 5, 2019

Have you heard of a ‘secret customer’ trick? The person pretending to be a customer hired by a third party to test the quality of services provided by the business. Penetration testing works similarly: the so-called noble hackers attempt to track down weak spots in a computer system.

What is penetration testing?

Penetration testing or pen test is also known as ethical hacking for evident reasons. Penetration testing is an imitation of a real hacking attack but from the white side and with noble intentions. Security technicians who perform the pen test are not interested in stealing your data: they are interested in showing you how your data can be stolen by real hackers and where you have to keep an eye open.

However, results of penetration testing are not aimed at scaring you to death. They usually go hand in hand with professional recommendations and solutions on how to protect your system and what measures to take.

Why penetration testing is required?

  • You've seen the consequences of breach damage that other companies succumbed to;
  • You're subject to law regulations (i.e. ISO 27001, HIPAA, Payment Card Industry Security Standard, etc) and required to comply with the set of security standards.
  • Your business is tightly connected to outsourcing and you don't want to make it the reason for data loss
  • Your team is planning on enhancing business processes in your company, and you want to make sure those changes would run smoothly and securely
  • You want to play proactively and decided to calculate potential expenses on the condition your system becomes a victim of cyber attack

Types of penetration testing

There are several types of penetration testing that vary depending on test goals, company size, type of industry, potential business risks, etc.

White box penetration testing

Attackers are given full access to company security information (source code, technical documentation, design information, etc) and try to spot security breaches in your system.

The disadvantage of a white box or clear box testing is fully uncovered company information for a tester. Naturally intruders act under conditions of poorly hidden or well-protected company security details.

Black box penetration testing

Performing this type of testing, developers act blindfolded. Opposite to the white box testing, no information about the target system is available, and in a limited period of time "hackers" are trying to disclose system vulnerabilities. Such an approach is efficient thanks to the simulation of real-life conditions most hackers operate in. It efficiently demonstrates to a team the outside view on how strong company security policy actually is or not. The downside of black box testing is that some security gaps can be easily missed out due to the lack of provided information to the tester.

Double-blind testing

Double-blind testing is aimed at catching a company security team off their guard. It means, no prior information about a series of attacks was exposed to company personnel (except for a few people managing the whole “show”). Here’s pen testing is a great helper in evaluating a team's response capability to security incidents and coping with them.

External testing

External testing pursues the same goals of detecting weak spots but the scope is limited. It means testers aim only at public company representation: its website, visible applications or email servers, etc.

Internal testing

Quite the opposite to the external type, this way of checkup starts inside the internal company network. The testing results illustrate the way unfaithful employees (holding a grudge against your company for being fired or reduced in position) can damage your system from inside. It also gives a picture of how the system can be intruded with employee's credentials that have been stolen.

What are benefits of penetration testing?

Foremost, penetration testing isn't trying to demonstrate the lack of expertise possessed by your security/development team. The amount of new cyber attacks increases outrageously every year, and the goal is to protect your system from future attacks.

The next advantage is that penetration testing reveals how security mature your personnel is and how to boost their awareness.

Choosing the white side of doing business with secure and transparent methods hides the double gain. Protecting your own system and data you strengthen your company reputation as a fair player who is concerned about clients and the quality of services they receive.

Dhound Penetration Testing builds customer relations on an honest approach and provides assistance that fits in with your special case.