A penetration test evaluates the ability of a computer, network or software application to withstand a cyber attack. The test and its associated penetration test report are essential audit tools for the cyber risk assessment of an IT system. They are used as a practical guide to improve the security of an IT system and to meet organisational requirements for compliance with standards that include the Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001.
What is a penetration test?
Penetration testing, or ethical hacking, uses a series of automated and manual processes to discover the security weaknesses in an IT network, web site or application. The test is performed with the permission of the system owner: security vulnerabilities are identified and exploited to demonstrate how they can be used to facilitate a cyber attack. Measures and controls to prevent or mitigate the impact of an attack are recommended for each major vulnerability.
What is a vulnerability assessment (VA)?
A vulnerability assessment involves the use of software tools that automatically scan computers, networks, web sites and software applications for security weaknesses. Commercial vulnerability scanners include Nessus, Metasploit and Acunetix. Vulnerability scans are performed at the start of every penetration test to quickly provide a comprehensive list of all known insecure network configurations and vulnerabilities.
Simulated attack and exploitation
The weaknesses identified by the vulnerability assessment are manually reviewed and ranked by their potential impact on the organisation. Using the techniques and tools employed by hackers, our experienced penetration testers perform simulated exploits on the vulnerabilities with the highest risk. Each manual exploit is fully documented to demonstrate the attack strategy, its methodology and, where possible, factual evidence of exploitation.
Penetration test report
The Wizard Cyber Penetration Test Report includes an overview of the tests performed, an executive management summary, a technical summary and a technical detail section. The Common Vulnerability Scoring System (CVSS) describes the principal characteristics of a vulnerability and defines a numerical score reflecting its potential severity of impact. Remedial activities that prevent or mitigate the cyber exploits associated with each vulnerability are identified and linked to references that provide further detailed background information.
The Wizard Cyber penetration testing service is delivered by an experienced team who are certified by CREST (the Council of Registered Security Testers) and have over 15 years of combined experience in the field of information assurance and penetration testing. They are guided by the best-practice testing methodology as published by OWASP, OSSTMM, CVSS and the SANS Institute.
To find out how Wizard Cyber can help you, enter your details in the form and we’ll get in touch.