Sometimes called “pen testing” for short, penetration testing is a method of evaluating the security of a computer system or network by simulating an attack in order to find vulnerabilities that a malicious attacker could exploit.
Attackers can be malicious outsiders (who do not have an authorized means of accessing the organization’s systems) or malicious insiders (who have some level of authorized access). Both have to be accounted for.
Penetration testing is an evolving area of IT security practice.
Some sources of information about penetration testing and the types of tests that can be performed are:
- Wikipedia: Penetration Testing
- Institute for Security and Open Methodologies: Open Source Security Testing Methodology Manual (OSSTMM)
- SANS Institute: SANS InfoSec Reading Room – Penetration Testing
- Penetration Testing Execution Standard: PTES Home Page
Assuring Adequate Testing
Some IT security practitioners have estimated that up to 80 per cent of penetration testers do not perform adequate tests, while charging top dollar for their services.
This can only happen to you if you fail to include these five critical test planning and execution actions:
1. Account for the interests of your stakeholders
2. Develop testing goals and specific results requirements
3. Establish a clearly written scope for testing
4. Define the testing rules of engagement
5. Include a third-party review of test plans and test results
Success in Testing: Clearly Actionable Results
Assistance with Testing
RBCS can provide you with assistance in test planning, assembling a test team, assuring adequate testing, and reviewing plans and results. We can also provide you with fully qualified testing resources.
Call us to review your needs and see if we can help: (949) 831-6788.