Penetration Testing (or pentest for short) is a real-life test of trying to utilize known (and sometimes unknown) exploits, social engineering and other techniques and attacks to gain access to resources and data inside an organization that should be protected from unauthorized access. These tests are used to determine what systems are vulnerable to attack before an actual attack happens, so that an organization can close those gaps or mitigate the risk associated with known and unknown vulnerabilities.
Penetration Testing is an involved process that organizations need to discuss with professionals to understand the ramifications of such tests. The level of which the test should be done, the rules of engagement behind the test and the duration if the test are base items that need to be understood and agreed to before any testing actually starts. Penetration tests are not just to see if someone can “hack” your organization. A professional penetration test is about identifying and mitigating business risk associated with a cyber-attack.
CDS provides both penetration testing services and penetration test consulting services, assisting our clients with understanding not only the value behind a test, but the intricate details behind the testing, including, but not limited to:
- Whitebox/blackbox testing
- Understanding and explanation of Scope
- The implications of currently implemented deterrent technologies on pentests
- Determination of the systems that should be tested
- Understanding the rules of engagement and explanation of why they are important
- Clear definition of the time allotted for testing and it’s importance to scope
No matter what level of penetration testing you need or are interested in, CDS is here to help assist and guide you to assure that you get an appropriate test for your organization, and that the results you receive actually achieve the goal of understanding and mitigating business risk.