+27(0)105 410-637
+263 78 516 2215Penetration testing (or pen testing) is a security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a computer system or network. The purpose of this simulated attack is to identify any weak spots in an organization’s defenses which attackers could take advantage of….
Penetration testing is part of a holistic cybersecurity strategy.
In an open-box test, the hacker will be provided with some information ahead of time regarding the target company’s security controls.
Also known as a ‘single-blind’ test, this is one where the hacker is not given background information besides the name of the target company.
Also known as a ‘double-blind’ pen test, this is a situation where almost no one in the company is aware that the pen test is happening, including the IT and security professionals who will be responding to the attack. For covert tests, it is especially important for the hacker to have the scope and other details of the test in writing beforehand to avoid any problems with law enforcement.
In an external test, the ethical hacker goes up against the company’s external-facing technology, such as their website and external network
servers. In some cases, the hacker may not even be allowed to enter the company’s premises and must conduct the attack from a remote location.
In an internal test, the ethical hacker performs the test from within the company’s internal network. This kind of test is useful in determining how much
damage a malicious insider can cause from within the company’s internal network.
Segmentation testing verifies that segregation between network segments like your DMZ and internal networks is implemented and ensure that the communication between these networks is restricted.