Learn what types of penetration testing methods your business may need.
This post goes into the what, the why, and the how of penetration testing to help you determine what type is best for your business.
What is a penetration test?
To combat a hacker, you need to think like a hacker. Penetration testing is a form of ethical hacking that simulates attacks on an organization’s network and its systems. This is done to help businesses find exploitable vulnerabilities in their environment that could lead to data breaches.
Why should my business get a penetration test?
Most environments are designed, built, and maintained by employees who have little to no professional experience in security. A penetration test is performed by a security expert trained to identify and document the issues present in an environment. The resulting report gives you the opportunity to remediate those issues before a real attacker exploits them.
The PCI DSS also requires that businesses test security controls annually and perform segmentation checks every six months. These controls should also be re-tested after any major change has been made.
SEE ALSO: New 3.2 Requirements for Penetration Testing and Segmentation: What You Don’t Know
How are penetration tests performed?
A penetration test can be broken into three steps:
Penetration testing methodologies fall into three types: black-box assessment, white-box assessment, and gray-box assessment.
Chad Horton has been the Manager at SecurityMetrics for over five years. His responsibilities include managing a team of eight employees who conduct manual assessments of web applications and corporate networks. In addition, Horton is QSA, CISSP, and CompTIA Security+ certified, and has written numerous web application tools to assist in exploiting vulnerabilities.