Penetration testing is the practice of testing a system (physical or computer), network or web application or premises, to find security vulnerabilities that an attacker could exploit.
The process involves analysing the target, identifying potential weaknesses or entry points, and then attempting to penetrate the target; using the tools and techniques a real attacker would use, and then reporting back the results.
There are two types of penetration test, a ‘Whitebox’ or ‘White hat’ test and a ‘Blackbox’ or ‘Black hat’ test. In a Whitebox scenario, the client is aware of the test and shares information about the target in advance of the test. In a Blackbox test scenario, a real attack posture by the testers is adopted, and the clients security and/or IT team is unaware of the test penetration test.
Matrix can perform both ‘Whitebox’ and ‘Blackbox’ penetration testing for our clients.
Penetration tests should be carried out at least annually, ideally bi-annual, and also typically when one of the below events takes place:
- Establish office/site in new location
- Adds new network infrastructure or applications
- Prior to a new system being released
- Modification of end user policies
- Implements patches to its applications or infrastructure
- Implements upgrades
- For compliance with certification or standards
- Implements modifications to its applications or infrastructure
- At least once per year as standard policy
For assistance with Penetration Testing call us on 0203 781 9300 or email email@example.com.