Penetration testing is a specific, targeted test against a defined target. The target may be to gain network access from the Internet, acquire an administration login, or extract confidential information such as credit card details.
Penetration testing may be a contractual requirement, and is often required to be repeated annually. In addition, a number of standards, such as the PCI DSS, require regular penetration testing.
There are an increasing number of tools available that, according to their manufacturers, offer automated penetration testing, going beyond vulnerability scanning to uncover a wider range of security issues. However, in our experience, successful penetrations of systems involve not only the discovery of specific vulnerabilities, but the chaining of individual vulnerabilities together to create a path through the various components of an entire system.
Penetration testing by experienced and skilled individuals is always required to fully test a system. Testing requires a high-level understanding of the system and its purpose, and the ability to relate the significance of specific results across an entire array of systems.