What is a Penetration Test?
Called by several similar names, including: Penetration Testing, PT and Resilience Tests – the term refers to a test during which a cyber-attack is attempted at a corporate network or application.
The operation is performed by highly skilled specialists with extensive professional training and knowledge, called penetration/resilience testers, also known as white hats or ethical hackers. These persons undergo a series of credibility checks.
The penetration testing world is roughly divided into two: applicative and infrastructural.
- Infrastructure Penetration Testing is about hacking into computing infrastructures, for example: operating systems, services that run on computers like FTP and SMB, hubs and routers, control systems, authentication systems like Domain Controller (DC) and more. The tests are performed outside and within the organization, as well as in Cloud systems where clients establish their independent IaaS infrastructures.
- Applicative Penetration Testing is about the ability to hack into server and client applications, including cellular ones, WEB and API interfaces and more. Here, too, some tests are performed outside and within the network; The same goes for Cloud-based systems.
Tests are conducted according to various protocols, like the Black box protocol, where no prior information about the system is provided; Gray box protocol, where partial information is provided; and White box protocol, where all data and objectives are shared with the expert, who is also consulted on all aspects of the architecture’s security level.
We use world-leading methodologies, like OWASP, NIST 800-53, as well as the Cyber Directorate Guidelines.
Examples for Penetration Test types:
Penetration test type | explanation |
Penetration Test for Mobile Apps | This Mobile Penetration Test comprises a set of tests that focus on detecting weaknesses in apps developed for Android and iOS devices. |
Infrastructure penetration test | the purpose of which is to combine several MITER-based attack vectors. The specialist applies lateral movement techniques, trying to take over the organization’s computerized systems. |
Applicative Penetration tests | this category includes websites, internal/external portals, API and more. The tests are based on OWASP, and the comprehensive findings help developers to handle them most accurately. |
Penetration test for Cloud Systems | these incorporate both applicative and infrastructural penetration testing. The computerized system of many companies is Cloud-based or sometimes even stored on several Clouds. Therefore, it must be examined by specialists to evaluate the systems’ hardening level. |
IoT Penetration Testing | a unique MADSEC service during which the tester disassembles the device and tries to connect and test the system’s hardening level. This test also incorporates electronics and is considered a premium service. |