A penetration test is an authorized simulated attack on a computer system, performed to evaluate the security of the system.
Objectives
- Identify or confirm assessment scope/targets
- Assess targets within scope for the presence of software, service or operating system vulnerabilities
- Attempt exploitation of identified vulnerabilities to meet pre-determined client objectives or goals
Types
- White box - All target information is disclosed to the assessment team
- Black box - No target information is disclosed other than the start point (IP/Domain etc)
- Gray box - A combination of Grey and Black box penetration tests
Deliverables
An actionable, remediation report which contains all identified vulnerable conditions, finding of attack path and recommended fix actions
Post-assessment debrief with client
