Penetration Testing

Test Date: 28/06/2012

All rights reserved to Security Audit, 2012.
No part o this pu!licatio", i" #hole or i" part, $ay !e reproduced, copied, tra"serred or a"y other right
reserved to its copyright o#"er, i"cludi"g photocopyi"g a"d all other copyi"g, a"y tra"ser or tra"s$issio"
usi"g a"y "et#or% or other $ea"s o co$$u"icatio", a"y !roadcast or dista"t lear"i"g, i" a"y or$ or !y a"y
$ea"s such as a"y i"or$atio" storage, tra"s$issio" or retrieval syste$, #ithout prior #ritte" per$issio"
ro$ the author.
&'ecutive (ul"era!ility Threat Su$$ary
What is Penetration Testing?
A )e"etratio" Test, also %"o#" as a )e" Test is a legal atte$pt at gai"i"g access to your
protected co$puter syste$s or "et#or%s, ote" co"ducted !y a third party orga"isatio".
The purpose o the test is to ide"tiy security vul"era!ilities a"d the" atte$pt to successully
e'ploit the$ i" order to gai" so$e or$ o access to the "et#or% or co$puter syste$.
Should a successul co$pro$ise ta%e place, the la#/vul"era!ility is classiied i"to a threat
level or the orga"isatio"* typically lo#, $ediu$ or high. +ost pe"etratio" tests are
co"cluded #ith a detailed report o" the security i"di"gs alo"g #ith re$edies or the
threats.
What are the most common types of Penetration Tests?
T#o o the $ore co$$o" types o pe"etratio" tests are !lac% !o' a"d #hite !o'
pe"etratio" testi"g. ," a !lac% !o' test, "o prior %"o#ledge o the corporate syste$ is give"
to the third party tester. This is ote" the $ost preerred test as it is a" accurate si$ulatio"
o ho# a" outsider/hac%er #ould see the "et#or% a"d atte$pt to !rea% i"to it. A #hite !o'
test o" the other ha"d is #he" the third party orga"isatio" is give" ull ,) i"or$atio",
"et#or% diagra$s a"d source code iles to the sot#are, "et#or%s a"d syste$s, i" a !id to
i"d #ea%"esses ro$ a"y o the availa!le i"or$atio".
Should I hire a Penetration Tester?
-te", this co$es do#" to the si.e o the orga"isatio" a"d level o u"di"g availa!le to put
i"to the security side o the !usi"ess. +ost pe"etratio" tests are priced !y ,)/"ode or
a$ou"t o ti$e esti$ated the pro/ect #ill ta%e to co$plete. ,t also depe"ds o" the type o
test you as% or. 0ertai" types o tests ca" !e co"ducted auto$atically, #hereas others
re1uire a lot o $a"ual #or% to validate certai" security sta"dards.
Typically or a s$all to $ediu$ #e!site, a pe"etratio" test #ould start at arou"d 210003
22000 a"d scale up#ards ro$ there.


,"troductio" to )e"etratio" Testi"g

)age 2

What are the advantages of a Penetration Test?
4avi"g a pe"etratio" test co"ducted ca" !e e'tre$ely useul to people #ho #ish to get e'tra
reassura"ce #he" it co$es to critical #e! aci"g syste$s, ho#ever they ca" also !e useul i" a
variety o other #ays, such as:
• Testi"g a Syste$ Ad$i"istrator to see i he is %eepi"g syste$s updated a"d secured.
• 0o$plia"ce 5 the )ay$e"t 0ard ,"dustry 6)0,7, #he" operati"g a" o"li"e pay$e"t
syste$.
• 8is% reductio" a"d ris% $itigatio" actors or i"sura"ce or other i"dustries.
• )rotectio" o 0o"ide"tially, ,"tegrity a"d Availa!ility 60,A triad7 o data
Are there alternatives to Penetration Testing?
9es, there are "et#or% sca""ers availa!le, ho#ever i you do":t %"o# e"ough a!out the
security results displayed i" a sca""er or ho# to co"ir$ the results are "ot alse positives, it is
highly advised you see% out proessio"al help, rather tha" ta%i"g a cha"ce a"d putti"g your
!usi"ess at ris%.
Conclusion
A pe"etratio" test is useul service i your !usi"ess ca" /ustiy the e'pe"se a"d i$porta"ce o
havi"g its #e! aci"g e1uip$e"t properly secured. 8est assured that cy!ercri$e is a gro#i"g
pro!le$, costi"g !usi"ess a"d the gover"$e"t $illio"s each year. The cy!er cri$i"als do":t
loo% to !e givi"g up a"yti$e soo" a"d #ith all this $o"ey to !e $ade !y the$ o"li"e, #ho:s to
say your !usi"ess #o":t !e "e't;

,"terested i" getti"g a )e"etratio" Test; <or urther i"or$atio" please visit:
###.security3audit.co$
)e"etratio" Testi"g
Security Audit Systems.