A penetration test is a simulated attack on a computer system that looks for security weaknesses, potentially gaining access to the system’s features and data.
Penetration tests are needed to test the security solutions in place and determine their effectiveness.
Red Teams are teams of hackers who, with little information on the target asset, attempt to mimic a real-world attack on it. This provides valuable information on the asset as seen from an outside view.
- Red Team Exercises
- Capture the Flag
- Social Engineering Testing
- Web Application Exploitation
- Infrastructure Testing
NIST SP 800-115 framework. Section 5.2 is the section that addresses penetration testing.
This penetration testing framework is useful for determining the following:
- How well the system tolerates real world-style attack patterns
- The likely level of sophistication an attacker needs to successfully compromise the system
- Additional countermeasures that could mitigate threats against the system
- Defenders’ ability to detect attacks and respond appropriately
Phases of Penetration Testing
- Gaining Access
- Maintaining Access
- Covering Tracks
These services benefit the view of the asset by:
- Mimicking real attack scenarios
- Providing real-world data on the security of the asset
- Providing comprehensive analysis of remediations and security procedures