Pentesting is a special form of security analysis where an audit team emulates a hacker and tries to gain access to private networks, internal company services, billing servers, workstations of rank and file staff to management and so on.
While the goals of an attacker are always destructive - blocking, Denial of Service, data corruption, theft - a penetration testing team adopts the cybercriminal mantle to secure the client and harden systems.
Typical Penetration Testing process:
- Reconnaissance - gathering information about domains, endpoints, software in use by the company, server location and network infrastructure. Other services available upon request.
- Creating an informative and visually approachable report that describes possible attacker’s path to achieve goal, and our recommendations to secure your infrastructure.
- Scanning web/mail/network applications with automated tools that can pinpoint potential weaknesses and known vulnerabilities.
- At this stage we see whether the goal is achieved. If it's not we need to go deeper.
- Reviewing discovered security flaws and scrupulous manual testing of critical functionality to uncover more attack vectors.
- Exploiting vulnerabilities to achieve the goal or become closer to it.