Real Cloud Estate Penetration Testing
What is penetration testing?
Penetration testing (or pen testing) is a security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a computer system. The purpose of this simulated attack is to identify any weak spots in a system’s defenses which attackers could take advantage of.
What are the types of pen tests?
- Open-box pen test - In an open-box test, the hacker will be provided with some information ahead of time regarding the target company’s security info.
- Closed-box pen test - Also known as a ‘single-blind’ test, this is one where the hacker is given no background information besides the name of the target company.
- Covert pen test - Also known as a ‘double-blind’ pen test, this is a situation where almost no one in the company is aware that the pen test is happening, including the IT and security professionals who will be responding to the attack.
- External pen test - In an external test, the ethical hacker goes up against the company’s external-facing technology, such as their website and external network servers.
- Internal pen test - In an internal test, the ethical hacker performs the test from the company’s internal network. This kind of test is useful in determining how much damage a disgruntled employee can cause from behind the company’s firewall.
How is a typical pen test carried out?
Pen tests start with a phase of reconnaissance, where gathering data and information will be collected for the simulated attack. After that, the focus becomes gaining and maintaining access to the target system, which requires a broad set of tools.
Tools for attack include software designed to produce brute-force attacks or SQL injections. social engineering techniques to find vulnerabilities. For example, sending phishing emails to company employees.
The hacker wraps up the test by covering their tracks; this means removing any embedded hardware and doing everything else they can to avoid detection and leave the target system exactly how they found it.
The test is carried out
THe Penetration test is carried out and results are collected for the person who has requested the penetration test, we use software and hardware to carry out these tests and the tests cane take some time to complete.
The test results
After the results have been given to you, Real Cloud Estate can also offer you advice on how to strengthen your systems if any issues are found within your systems.