Penetration testing is the testing of networks and their components for security weaknesses. Our consultants could carry these tests with no knowledge of the network, or as authorized users having restricted knowledge of the network. The test is conducted remotely via the Internet on the IP address, the URL specified by the client, or at the client site (for internal penetration testing).
Pen testing can involve the attempted breaching of any number of application systems, (e.g., application protocol interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks.
- Light perimeter test — Testing the strength of the perimeter from a remote location.
- Full perimeter test — Verifying the security of the perimeter, the servers in the DMZ with remote exploitation of DMZ and accessible internal systems.
- Internal test — The ‘trusted insider’ test, where our consultants launch this test from inside the client’s network, with internal exploitation.