Penetration Testing 101

Ethical hackers use penetration testing, or pentesting, to test the security measures of computer systems. Pentesters will use all the tricks of the hacking trade to try and breach the networks of their clients. They then advise on how to make them safer.

Why is it useful? 

Organizations often have very complicated computer networks. And their in-house IT experts may not have experience with actual hacking. Hackers are at an advantage because they only need to win one attack while the target has to win every defense. Because pentesters know how hackers think and operate, they have a better chance of detecting vulnerabilities.

How does it work?

Pentests can range from mild to extreme. An organization may just want its web apps or a specific portion of its software to be tested, and would consider everything else out of scope (forbidden from hacking attempts by the pentesters). Another organization may want a more thorough investigation, which might involve malicious targeted surveillance, long-term keylogging, the planting of bugs, or in-person surveillance of a client’s office.

Some of the more novel pentester ploys include dressing up as a janitor and requesting access to a computer room, following employees of a company to the local bar to extract information from them, and shutting down an office’s WiFi so employees are forced to use an insecure connection in a neighboring café.

When techniques like these are combined, it’s known as 'red teaming': highly intrusive operations in which pentesters act like the enemy in every possible way. According to RedTeam Security, based in Saint Paul, Minnesota:

The objective of a red team test is to obtain a realistic level of risk and vulnerabilities against your technology, people and physical/facilities.

  1. Technology: networks, applications, routers, switches, appliances, etc.
  2. People: staff, independent contractors, departments, business partners, etc.
  3. Physical: offices, warehouses, substations, data centers, buildings, etc.

During the pentest, logs of every action are carefully kept so a final report can be delivered. The report contains an assessment of the risks and threats. Clients may learn that they’ve been hacked in the past, or that a hacker is sitting in their network at present. Sensitive/personal data may also be uncovered. That’s why it’s crucial to establish trust between the client and the tester.

Who else does it help?

A pentest increases security for everyone. Pentesters may discover new attack methods and every pentest makes the testers themselves smarter. The more systems they investigate, the more viruses they can patch.

Ethical Hacking

Hackers can be a force for good. They're often hired by companies and governments to assess security risks and potential vulnerabilities in networks.

SPYSCAPE