A penetration test (aka pentest) is an authorized attack on computer systems with the intent of exploiting vulnerabilities to identify security weaknesses. It is a critical component of a vulnerability management program because it tests operating systems, applications, configurations, and the security controls that protect systems on a network.
Penetration testing is considered a security best practice and demonstrates due diligence to security auditors. It is also a requirement for mandates such as PCI. A penetration test will test your perimeter security controls and will provide guidance on where to spend your budget for the maximum return on your investment.
Test results provide an understanding of threats to your systems. This knowledge allows you to build secure systems and improve the security of those systems that are already deployed in your organization. At the close of a penetration test, a detailed report that includes an executive summary of findings, root cause analysis, scored findings, and a remediation roadmap is delivered to the requesting organization.
DataPrivia knows that one person can’t keep up with every security threat so we perform penetration testing as a red team process. Our team consists of systems, network, and application penetration experts working collaboratively to make certain that your environment is thoroughly tested. We use the following steps to discover, compromise, and communicate our findings to our clients.
- Reconnaissance – Foot printing, vulnerability scanning, and enumeration
- Vulnerability validation testing – all known exploit code that is relevant to the test scope is executed
- Manual penetration testing including password guessing and cracking
- Application Vulnerability Validation
- Report development
A Success Story
DataPrivia’s penetration team conducted a penetration test for a global manufacturer and retail organization. This organization had an internal security group staffed with extremely competent security professionals. During the discovery phase of the engagement, DataPrivia discovered a misconfigured portal that was used to exploit the network. Within minutes we were able to gain access, elevate privilege level, and access the organization’s most critical data.
While our customer had a very talented security team, they recognized the need for another set of eyes and it paid off. DataPrivia escalated the critical findings and worked with our customer to resolve the discovered vulnerabilities.
For more information
855-4-PRIVIA (855-477-4842) OR [email protected]