Details About Penetration Test
Posted by Guest Author in Computers
A Penetration Test is the process of assessing a network for external vulnerabilities and, if any are found, performing a controlled attack to verify the results. This type of test is valuable in determining an organization’s overall security posture.
To ensure a safe and thorough Penetration Test, our company follows a structured methodology that includes the following steps:
Discovery, Enumeration, Research, Exploitation and Reporting.
Discovery is one of the most important components and is often overlooked. Discovery involves gathering details about the target organization, its systems and employees through publicly available sources. The information gathered is used to assist the testing team during the exploitation phase as well as to shed light on the organization’s current external presence.
Once the discovery phase has yielded information such as domain names, host names and network boundaries (i.e., firewalls, routers and intrusion detection systems), the testing team will attempt to extract as much information as possible about each component.
From the data gathered in the discovery and enumeration phases, the testing team will conduct research using several databases to determine how reported vulnerabilities can be exposed and exploited.
With the customer’s permission, the testing team will attempt to exploit the vulnerabilities that have been identified in the enumeration phase. When this critical stage is completed, the last component will be prepared.
In the reporting phase, recommendations and comments regarding the overall effectiveness of the network are summarized. For better effectiveness, three types of report are presented: an executive summary, which is a high-level overview of findings; a technical review, which is solely intended for IT Executives; and a discovery findings overview, included as a reference.