A penetration test is a means of evaluating the security of a system by actually attacking it. A True penetration test will put your company's security controls under fire so you can see how they would hold up under a real attack.
- Penetration testing is NOT vulnerability scanning.
- Vulnerability scanning is an automated process that tests for security flaws on a computer or network.
- Penetration testing goes to the next level by exploiting vulnerabilities to accomplish an attack.
Penetration tests can be conducted in several ways. A True security professional will work with you to determine the set of activities that will provide the most benefit for your organization. Ultimately, with True, you set the rules.
- You determine the test scope: True can target a single system, such as a web or email server; a set of systems, such as your DMZ; or your entire enterprise.
- You determine the level of tester knowledge: The True team can be provided varying levels of information about the target (s):
- No knowledge (i.e. black box) - True team is given no information about the target(s).
- Partial knowledge (i.e. gray box) - True team is provided some information about the target system(s).
- Full knowledge (i.e. white box) - True team is armed with full knowledge of the target(s). Interviews will be conducted with system owners, and network diagrams and other system documentation will be collected and analyzed.
- You determine the level of exploitation: True will exploit discovered flaws to the level desired by your organization.
- Actual Exploitation -The True team will take advantage of the vulnerabilities identified just like a hacker would. This approach involves stealing employee credentials, privilege escalation, and code execution on targeted systems.
- Modeled Exploitation - For companies that can't chance the down time, True has designed an innovative method in which exploitation and potential damage are modeled rather than realized.
Upon completion, you will receive a report detailing all testing activities, the results, and specific recommendations for moving forward.
Benefits:
- Variety of testing options allows you to choose the most appropriate type of penetration test. This approach provides maximum value to your organization.
- True's testing approach isn't elusive or ambiguous. You will receive details of all testing activities - including what we found, how we found it, and how to fix it.
- True penetration test evaluates the effectiveness of your security controls and helps you focus remediation where it is needed most.
