Penetration testing is a method of assessing the security of a system, a network or an entire organisation by emulating a real attack scenario. The ultimate goal of penetration testing is to help identify specific risks which, when addressed, will positively impact your overall security.
The process involves an active evaluation of the system to discover the weaknesses affecting it. As part of the penetration testing process, our security consultants will not only identify weaknesses, but also exploit them in order to determine the real risk of the threat for the business.
On completion of the testing, a comprehensive report is delivered. The report details the security issues found during the testing, including the impact of each issue and the risk for the business. For each security issue covered in the report, a detailed explanation of mitigating actions and recommendations is provided. As well as providing technical recommendations, where possible, we identify the root cause of the issue and give recommendations at a process and policy level.
There are two main approaches for penetration tests based on the initial level of knowledge of the target system:
Black Box Penetration Test: In a black box penetration test the consultants conduct the assessment with no knowledge of the system other than the target host or network. This provides a very realistic scenario of an anonymous outside attacker.
White Box Penetration Test: In a white box assessment the consultants are provided with all the necessary details of the target system. This usually includes network maps, infrastructure details and even source code. Depending on the scenario, white box penetration tests can be more focussed and as a result can often be more cost effective.
The most common forms of penetration testing used are:
Web Application Penetration Test: A web application penetration test is a scenario that emulates an attacker looking to compromise the confidentiality, integrity or availability of information or business process through infrastructure from outside the organization, typically via the Internet.
External Penetration Test: External penetration tests are used to identify, evaluate and remediate the security vulnerabilities affecting an external infrastructure in order to ensure that unauthorised access to systems or data from the Internet is not achievable.
Internal Penetration Test: Internal penetration tests recreate the scenario of an attacker connected to the company's internal network or a disgruntled employee.
For more information, please contact us and we would be happy to discuss your specific concerns in the context of your business.