What is Penetration Testing?
A penetration test is a threat emulation exercise, where we, the pen test team emulate a particular threat to determine if your organization is vulnerable to compromise by this threat actor. The threat actors we most commonly emulate are:- External, or Internet-borne attackers
- Internal attackers, or malicious insiders
Types of Penetration Testing
- Web application pen testing – a deep dive into all facets of the target web application, using all the available roles or privilege levels within the application
- Network pen testing – we analyze the host operating system and services running
- Mobile app pen testing – we test IOS and Android applications and how they communicate with the API endpoint
- Hardware pen testing – typically a mix of analyzing the hardware, firmware, and operating system to determine if vulnerabilities exist
- Social engineering – We can conduct a wide range of tests to determine how well your users are trained to detect suspicious activities, but we most commonly perform phish testing
- Landline/modem testing – believe it or not, some systems are still connected to landlines and modems, which we test by dialing up