Penetration testing

Penetration testing (pentest) is a targeted simulation of a cyberattack on the IT infrastructure, which is carried out by information security specialists to assess the level of its information security.

The purpose of the pentest is to identify threats and vulnerabilities that an attacker can use, for example, to steal data, and generate a detailed report with recommendations on how to eliminate them and improve the company’s information security level.

The stages of the pentest

Planning and exploration. Determine the scope and objectives of the pentest, collect the necessary data, and identify the systems that need to be tested.

Scanning. Using automated tools to understand how the system reacts to various intrusion attempts.

Getting access. Exploiting the vulnerabilities discovered at the previous stage and attempting to hack the system.

Maintaining access. Checking whether the vulnerability can be exploited to achieve a permanent presence in the system.

Analysis. Analyzing the results and generating a report with the detected threats and vulnerabilities and recommendations for their elimination.

Types of penetration testing

Penetration testing can be divided into three main types, each of which is characterized by a different degree of knowledge about the system and a different level of information disclosure.

“Black box” testing. The pentester has no prior knowledge of the system, so the test simulates an attack by an external hacker.

“White box” testing. The pentester has complete knowledge of the system to conduct comprehensive and thorough testing.

“Gray box” testing. The pentester has partial knowledge of the system. Such a check simulates an attack by a privileged user.
