A penetration test is an examination of the security measures protecting a system.
It simulates an attack that hackers or cyber criminals would carry out by replicating the methods
they use to identify vulerabilities in systems and the tools and methods they employ to exploit the vulnerabilities
to gain access to the system.
A penetration test provides demonstrable evidence about the effectiveness of the security measures
your organisation has in place to protect its assets.
It will reveal which security measures are effective and reveal those which are not.
Just as importantly penetration tests reveal how the ineffective measures can be exploited, which is crucial since knowing how security measures can be exploited can help you correct these vulnerablities much more effectively.
Irrespective of the size of system being tested, a penetration test involves the following seven stages:
Scoping & Information Gathering - the client tells the penetration tester what system is to be tested and provides information needed to carry out the test.
Reconnaissance - the penetration tester looks for any additional information relating to the system or software. Hackers and cyber criminals often do extensive research on their targets to have as much information as possible so that they can attack their target with a greater chance of success.
Discovery & Scanning - the penetration tester scans the system looking for any hardware, software, services, and any other features that can be targeted by an attacker.
Vulnerability Discovery - the penetration tester then examines any of the features found to see if they have any vulnerablities which can be exploited by an attacker.
Exploitation - the penetration tester "exploits" any vulnerabilties found using the tools and techniques an attacker would. This stage aims to demonstrate in a practical way that the system is indeed vulnerable.
Client Report - the penetration tester provides a comprehensive report on the findings and how any issues can be fixed.
Post Test Remediation - the client uses the report to fix the issues identified. The client can also schedule a retest to ensure that the issues have been fixed.
The price for a penetration test is dependent on the size and complexity of the system requiring a test
since a penetration test is a bespoke undertaking. Bergerode Consulting can offer a competitive price, so get in touch today.