Identify your risks to cyber attacks in real-time
A penetration test, also known as a pen test, is a simulated cyber attack against your network to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF).
Pen testing can involve the attempted breaching of any number of application systems, (e.g., application protocol interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks.
Planning and reconnaissance
Defining the scope and goals of a test, including the systems to be addressed and the testing methods to be used. Gathering intelligence (e.g., network and domain names, mail server) to better understand how a target works and its potential vulnerabilities.
The next step is to understand how the target application will respond to various intrusion attempts. Static analysis – Inspecting an application’s code to estimate the way it behaves while running. Dynamic analysis – Inspecting an application’s code in a running state. This is a more practical way of scanning, as it provides a real-time view into an application’s performance.
simulated access & analysis
This stage uses web application attacks, such as cross-site scripting, SQL injection, and backdoors, to uncover a target’s vulnerabilities. The results of the penetration test are then compiled into a report detailing: Specific vulnerabilities that were exploited Sensitive data that was accessed The amount of time the pen tester was able to remain in the system undetected
External penetration tests target the assets of a company that are visible on the internet, e.g., the web application itself, the company website, and email and domain name servers (DNS). The goal is to gain access and extract valuable data.
In an internal test, a tester with access to an application behind its firewall simulates an attack by a malicious insider. This isn’t necessarily simulating a rogue employee. A common starting scenario can be an employee whose credentials were stolen due to a phishing attack.
Cyber Tech generates a report during the assessment and is ready immediately afterward for you and your team.