What is penetration testing? | Process and methods
Penetration testing definition
Penetration testing (also known as pen testing or ethical hacking) is the systematic process of identifying and probing vulnerabilities in your networks (infrastructure) and applications (software).
It can also examine physical security measures or identify security weaknesses in people (social testing).
It is essentially a controlled form of hacking. The ‘attackers’ act on your behalf to find and test weaknesses that criminals could exploit. These might include:
- Inadequate or improper configuration;
- Hardware or software flaws;
- Operational weaknesses in processes or technical countermeasures; and/or
- Employees’ susceptibility to phishing and other social engineering attacks.
Experienced penetration testers mimic the techniques used by criminals to probe these vulnerabilities – individually or in combinations – without causing damage. This enables you to address the security flaws that leave your organisation vulnerable.
Find out about our penetration testing services
Why is penetration testing important?
New cyber security vulnerabilities are identified – and exploited by criminals – every week.
Identifying and fixing them is essential to your organisation’s security posture.
Only a penetration test carried out by a trained security professional can give you a proper understanding of the security issues you face.
To protect yourself, you should regularly conduct penetration tests to:
- Identify security flaws so that you can resolve them or implement appropriate controls;
- Ensure your existing security controls are effective;
- Test new software and systems for bugs;
- Discover new bugs in existing software;
- Support your organisation’s compliance with the GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018, and other relevant privacy laws or regulations;
- Enable your conformance to standards such as the PCI DSS (Payment Card Industry Data Security Standard); and
- Assure customers and other stakeholders that their data is being protected.
Types of penetration testing
Different types of pen testing will focus on various aspects of your organisation’s logical perimeter. This boundary separates your network from the Internet.
Web application (software) penetration tests
Web application tests focus on vulnerabilities such as coding errors or software responding to certain requests in unintended ways.
- Testing user authentication to verify that accounts cannot compromise data;
- Assessing the web applications for flaws and vulnerabilities, such as XSS (cross-site scripting) or SQL injection;
- Confirming the secure configuration of web browsers and identifying features that can cause vulnerabilities; and
- Safeguarding database server and web server security.
Learn more about web application penetration testing
Infrastructure (network) penetration tests
Internal network penetration tests focus on what an attacker with inside access could achieve. An internal test will generally:
- Test from the perspective of both an authenticated and non-authenticated user to assess potential exploits;
- Assess vulnerabilities affecting systems that are accessible by authorised login IDs and that reside within the network; and
- Check for misconfigurations that could allow employees to access information and inadvertently leak it online.
Learn more about internal network (infrastructure) penetration testing
External penetration tests identify and test security vulnerabilities that might allow attackers to gain access from outside the network. An external test will generally:
- Identify vulnerabilities in the defined external infrastructure, such as file servers and web servers;
- Check authentication processes to ensure there are appropriate mechanisms to confirm users’ identities;
- Verify that data is being securely transferred; and
- Check for misconfigurations that could allow information to be leaked.
Learn more about external network penetration testing
Social engineering penetration tests
As technical security measures improve, criminals increasingly use social engineering attacks such as phishing, pharming and BEC (business email compromise) to access target systems.
So, just as you should test your organisation’s technological vulnerabilities, you should also test your staff’s susceptibility to phishing and other social engineering attacks.
Learn more about social engineering penetration testing
Wireless network penetration tests
If you use wireless technology, such as Wi-Fi, you should also consider wireless network penetration tests.
- Identifying Wi-Fi networks, including wireless fingerprinting, information leakage and signal leakage;
- Determining encryption weaknesses, such as encryption cracking, wireless sniffing and session hijacking;
- Identifying opportunities to penetrate a network by using wireless or evading WLAN access control measures; and
- Identifying legitimate users’ identities and credentials to access otherwise private networks and services.
Learn more about wireless network penetration testing
Red team penetration testing
Red teaming is the most advanced level of penetration testing. It mimics the actions of a focused attacker. It uses any methods available to access your networks, systems and information.
Pen testers might copy common industry attacks or pursue an entirely bespoke attack vector. In some instances, depending on the scope of the engagement, the red team may attempt to gain physical access.
Attacks may be conducted in phases or on several fronts to identify vulnerabilities that criminal hackers could exploit.
Any data exfiltration will be attempted over a secure channel to protect the information in transit. The testers will record the details of the attack and which systems, tools or accounts were used.
At the end of the test, the red team will restore any systems to their initial states and provide a detailed report explaining your security risks and how to resolve them.
Learn more about red team assessments
Speak to an expert
For more information on how our CREST-accredited penetration testing services can help safeguard your organisation, call us now on
+44 (0)333 800 7000, or request a call back using the form below.
Get in touch
IT Governance’s penetration testing solutions
Our CREST-accredited penetration testing services have been developed to align with your business requirements, budget, and value you assign to the assets you intend to test.
Our proprietary security testing methodology is closely aligned with the SANS, OSSTMM (Open Source Security Testing Methodology Manual) and OWASP (Open Web Application Security Project) methodologies.
Level 1 penetration tests are suitable for organisations that want to identify the common exploitable weaknesses targeted by opportunistic attackers using freely available, automated attack tools. They are an off-the-shelf option with fixed constraints and are priced by scale, according to factors such as the number of IP addresses in scope.
Level 2 penetration tests are aimed at those with more complex objectives or who require a more detailed exploration of complex or sensitive environments. They are designed according to clients’ individual needs following scoping.
Read more about our penetration testing services here. Follow the links below or contact us today to discuss your penetration testing needs.