Penetration testing simulates an attacker attempting to gain access to a specified target server, application, ICT system or asset. It should be carried out whenever a new application, server, ICT system or network device is being deployed or the configuration of an Internet-facing service has changed. Penetration testing and vulnerability assessments use both automated and manual toolsets to provide greater coverage. Manual testing provides a more through level of assurance as this includes an element of
human hacking or intuition factor that a real person would use that an automated scanner may miss.
Vulnerabilities or weaknesses often exist within systems and penetration testing can be used to quantify how easily any identified vulnerability can be exploited. See also application code review.
Penetration testing typically includes:
- Network discovery - establishes an Internet "footprint" (what does the system look like from the Internet)
- Network scanning - external and internal scanning
- Internet profiling - vulnerability testing of all Internet devices
- Network device test - servers, firewalls, routers, ICT systems and assets
- Web application testing - web applications and front facing client applications
- Mobile applications – mobile device applications for Android, Apple iOS, Blackberry and Windows Mobile (see mobile & wireless review)
A standard review takes approximately three to five days.
Department of Internal Affairs (All of Government Certified Services & Common Capability ICT): ICT-SRS Panel (CCPSA-SRS)
- Information Security Risk Management and Assessment
- Information Security Governance and Strategy
- Information Security Assurance
- Source Code and Application Review and Technical Testing
- ICT Forensics, Investigation and Security Incident Response
Get in touch for more information about how we can help.^ BACK TO TOP