Penetration testing
A Penetration Test is a manual, detailed process that replicates an attack that would be conducted by a malicious hacker. This can highlight weaknesses in reporting procedures and attack detection, in addition to system vulnerabilities and mis-configurations.
Unlike a vulnerability assessment, any potential vulnerabilities discovered in a penetration test will be examined in detail in order to exploit the vulnerability with the intention of gaining unauthorised system access or data exfiltration.
At the completion of a penetration test, conducted by NGTS, a comprehensive report will be produced that details any vulnerabilities that were discovered, if these vulnerabilities were successfully exploited and the level of unauthorised access that was attained. The report will also contain recommendations to remove or mitigate any vulnerabilities discovered.
The report will contain sufficient technical detail for any exploits to be reproduced to enable re-testing to take place once all recommendations have been completed. NGTS will also provide a technical walk-through of the report to enable on site IT security personnel to fully understand the vulnerabilities and risks discovered.
Types of penetration tests
Black box
In a black box penetration test no information about the target infrastructure is provided apart from URL or IP address details. This type of test most closely simulates a real world attack but is the most time consuming.
Grey box
In a grey box penetration test some information is disclosed to simulate an attack by an unprivileged insider threat with access to the internal network.
White box
In a white box penetration test details of the existing infrastructure are disclosed. This type of penetration test simulates a scenario when a disgruntled IT administrator or other trusted user with knowledge of the infrastructure attempts to gain unauthenticated access or elevate privileges.