Penetration testing ("pen testing") can be broadly defined as a specific test at a defined target. In terms of cyber security, it is often thought of as a kind of 'controlled hacking', whereby a tester seeks to find security vulnerabilities in the system they are testing.
Benefits of Penetration Testing
ECSC can test your internal and external networks, and also particular applications, to find security vulnerabilities that could allow attackers to gain network access from the Internet, acquire administration login credentials, or extract confidential information such as credit card details.
The vulnerabilities identified by a penetration test enable you to see the weaknesses in your organisation and target your resources accordingly. This could help to prevent a breach in the future. The outcomes from the test may also help to provide a more general overview of your information security posture.
When should I carry out Penetration Testing?
Testing should be carried out regularly to ensure your network and systems are protected against the latest threats. It is also a good idea to carry out penetration testing when new networks are created or existing networks are modified.
Penetration testing may also be a contractual requirement, and some standards, such as PCI DSS and ISO 27001, require it to be carried out regularly. Some vendors may be required to carry out a penetration test on behalf of certain regulated or accredited clients.
All our tests will culminate in the production of a report that aims to explain the outcome of the test in sufficient technical detail to aid internal IT teams with remediation, but also provide an overview in a format that is easy for management to translate into action.