
Perform recurring penetration tests

Written by Cyberangels
Updated over 2 years ago

What is penetration testing (or pen testing)

This type of analysis is designed to assess the security of a 'web application', that is, software that interfaces with the network, so the tests cover the entire computer system of an organisation. For example, the analysis of a web portal starts by testing the different functionalities, then focuses on the authentication mechanism and the interaction with databases. It then moves on to the configuration of the relevant server and all the elements surrounding it in the network, and thus to all the data and information owned by an organisation.

The 'PenTest' is the verification needed to prove that the IT system meets the security requirements of its stakeholders.

How it works and how a penetration test takes place

The process involves an active and passive analysis of the system to identify any weaknesses, technical flaws and vulnerabilities: these issues may arise from the design, implementation or management of the system, and could be exploited to compromise the security objectives of the system and hence the business.

The aim is to prevent a malicious attacker - external or internal - or a system instability from impacting the confidentiality, integrity and availability of resources.

Detected security problems will be presented to the system owner in a report, together with an impact assessment and a technical solution or, where a solution is not possible, a mitigation.

An organisation must invest in increasing its focus on security issues, and by incorporating Penetration Testing into the continuous auditing process, the entire IT structure can be made secure and stable.

Maintaining a good vulnerability assessment routine is important to monitor the security status of your business at periodic intervals. Recurring penetration tests allow you to check the delta of changes that occur within your business over a defined time interval, so that you can address systemic critical issues and persistent errors that tend to recur over time.
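
An added example, not part of the original article or of Cyberangels' tooling: one way to compute the delta between recurring test reports and to flag findings that were fixed and later came back. The Finding fields, the host names and the three quarterly reports are constructed for illustration.

```python
from collections import namedtuple

# Assumed report format: a finding is matched across reports by the asset it
# affects and the weakness class, not by its wording or severity.
Finding = namedtuple("Finding", "asset weakness severity")

def key(f):
    return (f.asset.lower(), f.weakness.lower())

def delta(previous, current):
    """Compare two consecutive reports."""
    prev = {key(f) for f in previous}
    curr = {key(f) for f in current}
    return {
        "new": sorted(curr - prev),
        "resolved": sorted(prev - curr),
        "persistent": sorted(curr & prev),
    }

def recurring(history):
    """Findings that were absent from one report and returned in a later one."""
    seen, closed, reopened = set(), set(), set()
    for report in history:  # oldest first
        present = {key(f) for f in report}
        reopened |= present & closed
        closed = (closed | (seen - present)) - present
        seen |= present
    return sorted(reopened)

# Constructed sample data: three quarterly reports for hypothetical hosts.
Q1 = [Finding("portal.example.test", "SQL injection", "critical"),
      Finding("portal.example.test", "Weak password policy", "high"),
      Finding("db01.example.test", "Default credentials", "high")]
Q2 = [Finding("portal.example.test", "Weak password policy", "high"),
      Finding("mail.example.test", "Outdated TLS", "medium")]
Q3 = [Finding("portal.example.test", "Weak password policy", "high"),
      Finding("portal.example.test", "SQL injection", "critical"),
      Finding("mail.example.test", "Outdated TLS", "medium")]

if __name__ == "__main__":
    for name, items in delta(Q2, Q3).items():
        print(name, items)
    print("recurring", recurring([Q1, Q2, Q3]))
```

A finding listed under "recurring" was remediated once and then reintroduced, which usually points to a process gap rather than a one-off defect.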

If you are unable to perform a penetration test yourself, please contact your IT consultant or contact our support.
