A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, services and application flaws, improper configurations or risky end-user behavior. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as end-user adherence to security policies.
Penetration testing is typically performed using manual or automated technologies to systematically compromise servers, endpoints, web applications, wireless networks, network devices, mobile devices and other potential points of exposure. Once vulnerabilities have been successfully exploited on a particular system, testers may attempt to use the compromised system to launch subsequent exploits at other internal resources, specifically by trying to incrementally achieve higher levels of security clearance and deeper access to electronic assets and information via privilege escalation.
Information about any security vulnerabilities successfully exploited through penetration testing is typically aggregated and presented to IT and network system managers to help those professionals make strategic conclusions and prioritize related remediation efforts. The fundamental purpose of penetration testing is to measure the feasibility of systems or end-user compromise and evaluate any related consequences such incidents may have on the involved resources or operations.
Secur security experts simulate the tactics, techniques and procedures (TTPs) of real-world attackers targeting your high-risk cyber assets. Our deep knowledge of advanced persistent threat (APT) attacker behaviour can help you:
- Determine whether your critical data is actually at risk
- Identify and mitigate complex security vulnerabilities before an attacker exploits them
- Gain insight into attacker motivations and targets
- Get quantitative results that help measure the risk associated with your critical assets
- Identify and mitigate vulnerabilities and misconfigurations that could lead to future compromise
What you get
- High-level executive summary report
- Technical documentation that allows you to recreate our findings
- Fact-based risk analysis to validate results
- Tactical recommendations for immediate improvement
- Strategic recommendations for long-term improvement
Penetration tests conducted by Secur Consultants are customized to your environment; no two assessments are ever the same. A wide variety of penetration testing options are available, with each option providing information that can dramatically improve security in your organisation.
Types of penetration testing
Different types of pen testing will focus on various aspects of your organisation’s logical perimeter. This boundary separates your network from the Internet.
Infrastructure (network) penetration tests
Infrastructure vulnerabilities include insecure operating systems and network architecture, such as:
- Flaws in servers and hosts;
- Misconfigured wireless access points and firewalls; and
- Insecure network protocols (the rules that govern how devices such as modems, hubs, switches and routers communicate with each other).
Network penetration tests aim to identify and test these security flaws.
Types of infrastructure penetration test:
External infrastructure (network) penetration tests
An external network penetration test assesses your network for vulnerabilities and security issues in servers, hosts, devices and network services. External penetration testing will:
- Identify and assess all Internet-facing assets a criminal hacker could use as potential entry points into your network.
- Evaluate the effectiveness of your firewalls and other intrusion-prevention systems.
- Establish whether an unauthorised user with the same level of access as your customers and suppliers can access your systems via the external network.
Internal infrastructure (network) penetration tests
An internal, or internal infrastructure, penetration test assesses what an insider attack could accomplish. An insider is anyone who has access to organisational applications, systems and data. This can include employees, contractors or partners.
The target is typically the same as external penetration testing, but the major differentiator is the attacker either has some sort of authorised access or is starting from a point within the internal network.
An internal network test generally:
- Tests from the perspective of both an authenticated and non-authenticated user to assess potential exploits;
- Assesses the vulnerabilities that exist for systems that are accessible to authorised login IDs and that reside within the network; and
- Checks for misconfigurations that would allow employees to access information and inadvertently leak it online.
Once identified, the vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. These can then be resolved in line with the network owner’s budget and risk appetite, inducing a proportionate response to cyber risks.
Wireless network penetration tests
If you use wireless technology, such as Wi-Fi, you should also consider wireless network penetration tests. These tests involve:
- Identifying Wi-Fi networks, including wireless fingerprinting, information leakage and signal leakage;
- Determining encryption weaknesses, such as encryption cracking, wireless sniffing and session hijacking;
- Identifying opportunities to penetrate a network by using wireless or evading WLAN access control measures; and
- Identifying legitimate users’ identities and credentials to access otherwise private networks and services.
Web application (software) penetration tests
A web application penetration test aims to identify security vulnerabilities resulting from insecure development practices in the design, coding and publishing of software or a website.
Web app penetration tests will generally include:
- Testing user authentication to verify that accounts cannot compromise data;
- Assessing the web applications for flaws and vulnerabilities, such as XSS (cross-site scripting);
- Confirming the secure configuration of web browsers and identifying features that can cause vulnerabilities; and
- Safeguarding web server security and database server security.
The vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. These can then be resolved in line with the application owner’s budget and risk appetite, inducing a proportionate response to cyber risks.
Social engineering penetration tests
As technical security measures improve, criminals increasingly use social engineering attacks such as phishing, pharming and BEC (business email compromise) to access target systems.
So, just as you should test your organisation’s technological vulnerabilities, you should also test your staff’s susceptibility to phishing and other social engineering attacks.
The penetration testing service applies a systematic approach to uncovering vulnerabilities that leave your critical assets at risk and is comprised of four steps: target reconnaissance, vulnerability enumeration, vulnerability exploitation and mission accomplishment.
- In target reconnaissance, Secur consultants gather information about your environment, including company systems, usernames, group memberships and applications.
- For vulnerability enumeration, Secur security professionals seek to identify your exploitable vulnerabilities and determine the best way to take advantage of them.
- In vulnerability exploitation, penetration testers attempt to realistically exploit the identified vulnerabilities using a combination of publicly available exploit code, commercial penetration testing tools and customized exploit code and tools.
- In mission accomplishment, Secur experts gain access to your internal environment. Tactics could include gaining access through the internet, stealing data from segmented environments, or subverting a device with malicious commands.
Secur has a robust testing methodology that extends across infrastructure and application testing engagements. Although every penetration test is tailored to our clients’ individual needs, we follow the same proven methodology so as to maintain a consistent and reproducible set of results.
From a high-level perspective, Secur’s infrastructure testing methodology is based around seven core phases:
- Phase 1: Scoping
- Phase 2: Reconnaissance and Enumeration
- Phase 3: Mapping and Service Identification
- Phase 4: Vulnerability Analysis
- Phase 5: Service Exploitation
- Phase 6: Pivoting
- Phase 7: Reporting and Debrief