Penetration Testing... What is it, and why?
A penetration test often referred to as a pen-test, is an attempt to evaluate the security of an IT infrastructure by safely exploiting its potential vulnerabilities.
These vulnerabilities may exist in services and program or code flaws, operating systems, improper configurations or as the result of risky end-user behaviours. These assessments are also useful in validating the effectiveness of an organization’s defensive mechanisms, as well as, end-user adherence to security policies.
Penetration tests typically attempt to compromise endpoints, end-users, servers, mobile devices, web applications, wireless networks, network devices and other potential points of exposure. Once vulnerabilities have been successfully exploited, testers may attempt to use the compromised system to launch successive attacks on other internal resources to obtain deeper access to electronic assets and information through privilege escalation. The fundamental purpose of penetration testing is to quantify the feasibility of the systems protecting IT Infrastructure and the impact of end-user behaviour and to compromise and evaluate any related consequences such incidents may have on the operations and resources involved.
The endgame fantasy:
The point of a pen-test is to aggregate information about any security vulnerabilities successfully exploited and present to IT and network system managers. This data will aid in the formulation of strategic defences and policies and help to prioritize related remediation efforts.
Every organization should conduct penetration testing—better the devils you know, than the devils you don’t!
Please leave your comments below, join our mailing list and feel free to share this little gem of wit and wisdom.