A penetration test (pen test) is a cyber-attack (security test) against your devices to check for vulnerabilities and weaknesses. It is a technique that companies can use to identify, test and highlight areas that need protecting. It is effectively mimicking a cyber-attack in order to evaluate how easy the computers security systems would be to attack.
Pen tests start with a phase of reconnaissance, during which an ethical hacker spends time gathering data and information that they will use to plan their simulated attack. After that, the focus becomes gaining and maintaining access to the system.
There is hardware specifically designed for pen testing, such as small boxes that can be plugged into a computer on the network to provide the hacker with remote access to that network. In addition, an ethical hacker may use social engineering techniques to find vulnerabilities. For example, sending phishing emails to company employees.
The hacker finishes off the test by covering their tracks, this means removing any embedded hardware and doing everything else they can to avoid detection and leave the target system exactly how they found it.
There are five main stages of penetration testing as outlined below:
1.Planning and Reconnaissance – This stage involves gathering intelligence for example network and domain names in order to gain access.
2. Scanning – There are two types of analysis static analysis and dynamic analysis. Static analysis is where the pentester inspects the applications code to understand how it behaves while running. Dynamic analysis is where the pentester inspects the code whilst it is running.
3. Gaining Access – After scanning, the pentester will then gain access to the network, to do this it will involve web application attacks to expose the targets vulnerabilities. Once they have identified the weak spots they will then begin to access and steal data and personal information.
4. Maintaining Access – During this phase the pentester will mimic a hacker’s ability to stay undetected within the system and see if this is possible and if so for how long.
5. Analysis – The findings will be put in to report and highlight the vulnerable areas and what data was breached. This will enable the company to fix any security issues they may have.
New ways to hack into our devices and systems are invented every day by cyber criminals therefore regularly carrying out these tests can identify ways the hackers can gain access to personal information data. Once a pen test has been carried out it can give you an understanding of the security issues you have therefore being able to fix this before your data is breached.
Date: November 15, 2021