The thought must have crossed your mind: could a hacker gain access to our office network? Or to one of our (web) applications? And once they are inside, what could they do? A pentest provides the answers to these questions. There are different types of pentests; the best solution depends entirely on the customer's requirements. We can always help.
What is a pentest?
A pentest (or penetration test) is an investigation in which a security specialist with a 'hacker mindset' uses all possible means and available information to discover how far a hacker can penetrate into a system. The specialist also looks at the potential impact of such an attack. A pentest is time-boxed, which means it is carried out within a specified time frame.
A pentest can be performed on a web application (website), an internal network or an office network, or on your entire ICT infrastructure. In addition, a pentest or penetration test can be performed as a 'white box' pentest (the hacker gets all the information about the system beforehand), a 'black box' pentest (the hacker gets no information about the system) or a 'grey box' pentest (the hacker gets limited information about the system to be tested).
What do we do during a pentest?
Our ethical hackers start by charting your systems and the so-called "attack surface". They then turn their attention to parts that look interesting or promising, and they try to penetrate there. For this purpose they use both well-known vulnerabilities and vulnerabilities they find along the way, working with existing tools in combination with solutions they have built themselves. If this succeeds, they go on to find out which sensitive information and access are available, and they continue trying to penetrate further. If they are unsuccessful, they turn their attention to the next promising lead in your systems.
In this way they simulate the working methods of a hacker with malicious intentions and they make clear what the impact of a hack could be.
What do you get after a pentest?
The results of a pentest are always discussed in person. The Computest hacker compiles a very comprehensive security report and hands it over to the customer. During the meeting, all possible vulnerabilities are discussed, along with follow-up steps to help you better protect your organisation if necessary. If the hacker finds significant vulnerabilities during the test, he will obviously not wait for the scheduled meeting to communicate them.
Our specialists excel in their commitment, flexibility and social skills. Despite – or perhaps thanks to – their years of experience, they are able to convey complex subject matter in understandable language. They are always keen to share their knowledge in order to increase the security level of your organisation. A meeting to discuss the report at the customer location is therefore an important part of all our security tests. In this way, we make sure you really get maximum value from the pentest.
Different types of security or pentests
The wide variety of terminology used in the security domain can be confusing. Many terms overlap and many are used in different ways. Even a pentest seems to mean something different for every supplier. In addition, there are all the standards you can choose from and all the different certifications. We notice that many organisations that embark on security testing are wrestling with this challenge. If you want extra information about the different standards and different certifications, you can contact us: firstname.lastname@example.org
Is a pentest the right tool for your objective?
Because a pentest is primarily aimed at penetrating systems, it is important to decide clearly in advance whether this is actually the desired objective of the investigation. If you want to gain a complete picture of all the possible vulnerabilities that could be exploited within your systems, a vulnerability assessment is actually a more suitable solution. It also gives your developers more concrete tools for securing specific applications. But if you want an impression of the state of your security and the potential impact of a hack, then a pentest is a good tool.
Read others' experiences of Computest pentesting
Every company needs its own unique approach in the field of security – after all, what is a big risk for one may not apply to another. Below are some business cases of companies that have already had a pentest performed by Computest ethical hackers. Read what they value about our approach and how Computest has helped them to increase their security.
Cryptocurrency platform LiteBit enhances security with the help of pentesting by Computest.