What is Penetration Testing?
A penetration test (or pen test) is a legal attempt at gaining access to a protected computer system with the intention of identifying potential security loopholes in that system. Providing an excellent view of the actual security state of an environment as well as the organisation security state.
The primary objective for a penetration test is to identify exploitable vulnerabilities before hackers are able to discover and exploit them.
Basically there are three types of penetration tests: Black, White and Grey box testing; Black box testing is where the third party tester in not provided with any information about the system or network to be tested. In White box testing, testers are given most of the information they need including source codes, IP addresses and network diagrams. Using this information, they would then be required to identify any weaknesses in the system. Grey box testing is the name for a combination of both black and white penetration tests.
Why do you need a Penetration test?
Ponemon stated that more than 50% of businesses suffered a Cyber-Attack within the last year. We see more and more security breaches and they are being done with a growing complexity. There is no doubt that penetration tests are very important where information security is paramount. Here are some benefits of investing in penetration testing:
MEETING COMPLIANCY WITH INDUSTRY STANDARDS
ISO 27001 demands that all organisations conduct regular penetration tests and reviews on all their systems. These tests are to be performed by competent testers. The Payment Card Industry Data Security Standard (PCI DSS) requires both annual and ongoing penetration testing (after any system changes).
PEACE OF MIND
Reassurance that your valuable data is as secure as possible. Threats from cyber criminals, internal threats and malware are being dealt with.
REALISTIC INSIGHTS
Identify vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software.
AWARENESS
Know where the company stands in terms of security. And of the ability of network defenders to successfully detect and respond to the attacks. Just as the old adage goes, a chain is only as strong as its weakest link. Until you know how attackers see your system, you can’t tell when they are going to strike.
EVIDENCE TO SUPPORT INCREASED INVESTMENTS
Gain evidence to support investments in security personnel and technology.
PROTECT YOUR COMPANY’S REPUTATION
Demonstrate to your business partners, regulators and suppliers that you take cyber security seriously.
Companies using our pen-tests service
Why work with Fortytwo?
It is essential you choose an experienced penetration-testing partner with real-world knowledge that can help. Fortytwo is trusted by many companies worldwide, big and small, to secure and navigate them through the cyber security field. Work with Fortytwo and you’ll benefit from:
+ EXPERIENCE
Our highly skilled team leaders have more than 15 years of information security experience. While a penetration test may involve use of automated tools and process frameworks, the focus is ultimately on the individual or team of testers, the experience we bring to the test, and the skills in the context of an active attack on your organization. So you’ll know what the real-world effectiveness is of your existing security controls against an active, human, skilled attacker.
FULLY ACCREDITED
Our team holds a range of accreditations including QSA, CISSP, CCSA and CISA.
PROVEN METHODOLOGY
We developed a proprietary approach to assessing information security risks. It’s more than a checklist of questions and recorded answers. Our approach gives you a full picture of your risks (prioritized and rated) with recommended solutions, so you know which security investments will have the greatest impact.
CUSTOMISED
We develop custom penetration tests that suit your company profile.
HIGHLY SATISFIED CUSTOMERS
We provide value to our clients on a consistent, ongoing basis and we are proud of our long-term client relationships.
FULL TRANSPARANCY
We believe in empowering our clients. The more knowledge transfer occurs during our engagement, the more value our customers recognise. Our team fully discloses the methods, tools, and configurations used to perform analysis work for our customers in the hope that they can easily adopt our processes for their future benefit.
CLEAR COMMUNICATION
In our work and proposals, no unexpected surprises. We strongly believe in providing easy to understand reporting.
EXTRAORDINAIRY SERVICE AND SUPPORT
We truly care for your data security. Always providing and delivering professional, helpful, high quality service and assistance before, during and after your requirements are met.
How we work
We follow a transparent work process:
Start
We will work together to define the critical applications, systems and networks to be included.
Penetration test
Our experienced team performs hands-on interactive testing incorporating a wide range of attack methodologies.
Reporting
We provide you with detailed information regarding identified issues, automatic critical risk reporting and a comprehensive final test report.
Insight
We provide you with specific insight on how we entered your system and what to do to fix it.