PenetrationTestingPro.com
Home arrow Security Guides Library
Thursday, 29 March 2007
 
 
Home
Pen Testing of Windows
Self-testing security
Pen Testing your VPN
Domain Controller PenTest
Tools: Metasploit

We provide:

Security risk assessment, risk management assessment, security risk management, security audit, security compliance, security management, vulnerability assessment, security policy, policy assessment, vulnerability assessments, security analysis, management assessment, security consulting, security policies, security consultants, risk security, security plan, security systems, assessment evaluation, assessment standards, security monitoring, security testing, network security, risks security, information security, application security, assessment development, ethical hacking, sample assessment, it security, threat security, security report, security scan, security protection, security test, assessment report, security auditing, security solutions, network audit, security services, vulnerability, management threat assessment, network assessment, security vulnerability, risk management, data security, security risk, business security, intrusion detection, computer security, internet security, risk assessments, web security.

Advice on Penetration Testing
Essential Tips to Ensure Your Penetration Testing....
Read more...
 

What is a penetration test?

A penetration-test, also called security assessment, is the process of actively evaluating your information security measures. Note the emphasis on ‘active’ evaluating; the information systems will be tested to find any security issues, as opposed to a solely theoretical or paper-based audit.

The results of the assessment will then be documented in a report, which should be presented at a debriefing session, where questions can be answered and corrective strategies can be freely discussed.

For a few pages of a report sample, please click here.

Why conduct a penetration test?

From a business perspective, penetration testing helps safeguard your organisation against failure, through:

  • Preventing financial loss through fraud (hackers, extortionists and disgruntled employees) or through lost revenue due to unreliable business systems and processes.
  • Proving due diligence and compliance to your industry regulators, customers and shareholders. Non-compliance can result in your organisation losing business, receiving heavy fines, gathering bad PR or ultimately failing. At a personal level it can also mean the loss of your job, prosecution and sometimes even imprisonment.
  • Protecting your brand by avoiding loss of consumer confidence and business reputation.

From an operational perspective, penetration testing helps shape information security strategy through:

  • Identifying vulnerabilities and quantifying their impact and likelihood so that they can be managed proactively; budget can be allocated and corrective measures implemented.

What should be tested?

Ideally, your organisation should have already conducted a risk assessment, so will be aware of the main threats (such as communications failure, e-commerce failure, loss of confidential information etc.), and can now use a security assessment to identify any vulnerabilities that are related to these threats. If you haven’t conducted a risk assessment, then it is common to start with the areas of greatest exposure, such as the public facing systems; web sites, email gateways, remote access platforms etc.

Sometimes the ‘what’ of the process may be dictated by the standards that your organisation is required to comply with. For example, a credit-card handling standard (like PCI) may require that all the components that store or process card-holder data are assessed.

What do you get for the money?

The report presenting the results of the assesment should be broken into sections that are specifically targeted at their intended audience. Executives need the business risks and possible solutions clearly described in layman's terms, managers need a broad overview of the situation without getting lost in detail, and technical personnel need a list of vulnerabilities to address, with recommended solutions and a mitigation tracker.

What to do to ensure the project is a success ?

The scope should be clearly defined, not only in the context of the components to be (or not to be) assessed and the constraints under which testing should be conducted, but also the business and technical objectives. For example penetration testing may be focussed purely on a single application on a single server, or may be more far reaching; including all hosts attached to a particular network.

Penetration Test request and Payment Submission Form:

Please submit your payment of $499:00 for a Penetration Testing of your system.

BusinessName
ContactInformation
EmailAddress
WebSiteAddress
WorkOrder
CompletionDate
  
 
Top! Top!