What is penetration testing?
Penetration testing (often referred to as pentesting) is a systematic process of probing for vulnerabilities in your applications and networks. It is essentially a controlled form of hacking in which the 'attackers' operate on your behalf to find your organization's weaknesses. In the US, many organizations use penetration testing to simulate hacker attacks.
The pentesting process involves assessing your chosen systems for any potential weaknesses that could result from poor or improper system configuration, known or unknown hardware or software flaws, and operational weaknesses in processes or technical countermeasures.
An experienced penetration tester can mimic the techniques used by criminals without causing damage. These tests are usually conducted outside business hours or when networks and applications are least used, thereby minimizing the impact on everyday operations.
Why conduct a penetration test?
An organization should carry out a penetration test:
- In response to the impact of a serious breach on a similar organization
- To comply with a regulation or standard, such as the PCI DSS (Payment Card Industry Data Security Standard) or the EU GDPR (General Data Protection Regulation)
- To ensure the security of new applications or significant changes to business processes
- To manage the risks of using a greater number and variety of outsourced services
- To assess the risk of critical data or systems being compromised