top of page
AdobeStock_247246426_edited.jpg

Penetration Testing

A penetration test attempts to simulate the actions of an external or internal attacker who is trying to breach the information security of an organization. Our team performing the test uses a combination of tools, techniques, experience, and expertise with the goal to bypass the existing security controls of the target organization. The primary objective is to compromise and gain access to sensitive systems, information and privileged login access escalation.

The methodology followed by penetration testers is inherently less structured to allow for rapid adjustment while testing the environment. However, most penetration methodologies typically follow these key steps:

Overview

Advanced, automated, and manual-testing techniques to identify and utilize weaknesses in the environment.

A penetration test’s core deliverables should include a targeted, technical report that focuses on narrating the path of the attacker, documenting vulnerabilities discovered as part of the assessment, and providing the organization with recommended remediation activities to prevent similar future attacks. The depth of the report depends on the methods of the attacker, how long it took to achieve the objective, and the systems compromised to complete the objective of the assessment.

Goal and Focus

Determines whether an organization’s current level of security maturity can withstand an intrusion attempt from an advanced attacker with specific goals.


Achievement of a specific testing goal (take control of an internal asset, demonstrate control of the network, gain physical access to a restricted area) by any means.


Focuses on depth of an attack over breadth.

Client Maturity Level - High

The organization has established security teams, monitoring, and response procedures which would be assessed. Ultimately, the organization believes its defenses are strong and is looking to test that understanding.


Assessment of the organization’s current security maturity to prevent, identify, block, and respond to a real-life attack simulation.

Deliverables

A targeted summary narrative that includes the successful attack vector and recommended remediation activities to close that attack vendor.

"Had the penetration testing been an actual attack, there would have been catastrophic business and financial implications for our bank"

CIO, South African Bank

The methodology followed by penetration testing is inherently less structured to allow for rapid adjustment while testing the environment. However, most penetration methodologies typically follow these key steps:

•    Determination of the scope and testing objectives;
•    Targeted information gathering and reconnaissance;
•    Identification and exploitation of weakness to gain and escalate 

     access;
•    Demonstrate completion of the testing objective; and
•    Clean up and reporting.

bottom of page