At some point you will have asked yourself: would a hacker be able to gain access to our office network? Or one of our (web) applications? And having gained access, what could he or she then do? A pen test provides you with the answers to these questions.
What is a pen test?
A pen test (or penetration test) is an investigation whereby a security specialist uses all his ‘hacker mindset’ combined with all available means and information to discover how far a hacker could penetrate your systems. They will also look at what the possible impact of such an attack would be. A pen test is timeboxed, which means that it is carried out within a fixed period of time.
What do we do during a pen test?
Our ethical hackers start by charting your systems and the so-called "attack surface". They then turn their attention to parts that may look interesting or promising, and they try to penetrate there. For this purpose they make use of a combination of well-known vulnerabilities as well as vulnerabilities they find along the way, and from existing tools in combination with solutions they have built themselves. If this succeeds, they go on to find out which sensitive information and access is available and they continue trying to penetrate further. If they are unsuccessful in that, then they will turn their attention to the next promising lead in your systems.
In this way they simulate the working methods of a hacker with malicious intentions and they make clear what the impact of a hack could be.
What do you get after a pen test?
We discuss the results of a pen test personally with you. You will be informed about the possible vulnerable points and, where necessary, we discuss the subsequent steps you can take to better protect your organisation.
Is a pen test the right means for your objective?
Since a pen test is primarily aimed at penetrating systems, it is important to clearly determine in advance whether that is actually the desired objective of the investigation. If you want to achieve a full picture of all the vulnerabilities in your systems that could be abused, then a vulnerability assessment is a more suitable solution. This would also provide your developers with more concrete pointers for securing specific applications. However, if you do wish to gain a real impression of the state of your security and what the possible impact of a hack could be, then a pen test is a good means for doing so.