What is penetration testing?
With serious and harmful cyber attacks like Advanced Persistent Threats (APT), ransomware attacks and insider threats dominating news headlines so frequently nowadays, it is immensely important for organisations to spot potential vulnerabilities and keep their security posture tight by fixing them. Penetration testing plays a vital role in identifying, understanding, and remediating the vulnerabilities in an organisation’s systems and applications before a cyber attacker finds and exploits the opportunity.
Penetration testing is a simulated attack with an end purpose of obtaining critical information from a hacker’s perspective who continually attempts to gain unauthorised access to the systems. Vulnerabilities once identified, are exploited to realise access to sensitive information. Security issues uncovered through penetration testing are then presented to the system/application owner, with an accurate assessment of the potential impact it causes to the organisation. Conducting penetration testing also helps in:
- Discovering and addressing the gaps within the security tools that an organisation is using
- Finding multiple attack vectors and misconfigurations
- Prioritising the vulnerable opportunities and fixing them, and
- Improving the overall security latency of the organisation
SecureTriad’s approach to penetration testing utilises a comprehensive, risk-based approach to identify critical vulnerabilities that exist in all in-scope networks, systems, hosts, and applications using a combination of automated and manual techniques. Our processes are governed by established industry practices such as OWASP, OSSTMM, NIST, PTES and SANS. These industry standards play a vital role in guiding us through a detailed and accurate assessment of information systems.
Our approach is divided into five main categories which are as follows:
Open Source Intelligence (OSINT) is the process of gathering information from free, public sources.