Written by Silvia Bitchkei on 1 August 2017

The Elements of a Quality Penetration Test

 

Penetration testing (or pen testing) should be part of every IT security team’s toolkit. There is no better way to ensure your systems are safe from attack than to deploy your own red team to attempt a breach. But what are the elements to a high-quality pen test? We recommend these five steps.

 

 

  1. Identify a vulnerability.

This step begins with a vulnerability assessment (VA). Work with a trusted partner to perform your VA, because the output will likely rival the phone book in size. Make sure you have someone knowledgeable to guide you through the process. Work together to determine which assessed vulnerabilities are most concerning and warrant pen testing as the next step toward repairing weaknesses.

 

  1. Design an attack.

Once you’ve identified a target system and a particular goal, do your reconnaissance work. Gather whatever data and information you can about the pen test target, and conduct a scan of the current system defenses. With this information in hand, create a plan to gain access to the target.

 

  1. Deputize your red team.

Assign the pen test to ethical hackers. A partner can help you recruit the most skilled team to play the role of cyber criminal.

 

  1. Determine your exposure.

If the red team is able to breach your defenses, what kind of data would they be able to steal from your critical systems? And what is the potential value of that data if it were to fall into the wrong hands?

 

  1. Act on your findings.

The moment the pen test breaches its target is just the beginning. It is the starting point on the highest priority project on your IT security to-do list. Managed security services can be an asset in making sure that what you do next cost-effectively protects your IT infrastructure, meets compliance regulations and strengthens your vulnerabilities.

 

Ready to learn more about the elements of a quality pen test? Download our free e-book, “Pen Testing: Thinking Like Your Enemy Yields World Class Security.”

Download Penetration Testing: Think Like Your Enemy

Related Posts

Don't Wait.
Get a quote today.

Toll Free 1 866-430-8166Free Quote
Secure Your Organization Today.
phone-handsetmagnifiercrossmenu