Penetration Testing

What is penetration testing?

Penetration testing (or pen testing) is a security practice in which a cyber-security expert tries to find and exploit weaknesses in a computer system. The goal of this simulated attack is to discover any gaps in the system’s defenses that a real attacker could exploit.

This is similar to a bank hiring someone to pretend to be a burglar and attempt to break into their building and access the vault. If the ‘burglar’ succeeds and gets into the bank or the vault, the bank will learn valuable information on how they need to improve their security measures.

Who performs pen tests?

It’s better to have a pen test done by someone with little or no prior knowledge of how the system is secured because they might be able to reveal blind spots that the developers who built the system missed. For this reason, outside contractors are usually hired to do the tests. These contractors are often called ‘ethical hackers’ because they are hired to hack into a system with permission and for the sake of increasing security.

Many ethical hackers are experienced developers with advanced degrees and a pen-testing certification. However, some of the best ethical hackers are self-taught. In fact, some are former criminal hackers who now use their skills to help fix security flaws instead of exploiting them. The best candidate for a given pen test varies a lot depending on the target company and the kind of pen test it wants to run.

What are the types of pen tests?

  • Open-box pen test - In an open-box test, the hacker is given some information about the target company’s security setup in advance.
  • Closed-box pen test - Also known as a ‘single-blind’ test, this is one where the hacker gets no background information except the name of the target company.
  • Covert pen test - Also known as a ‘double-blind’ pen test, this is a situation where almost no one in the company knows that the pen test is happening, including the IT and security professionals who will respond to the attack. For covert tests, it is very important for the hacker to have the scope and other details of the test in writing beforehand, to avoid any problems with law enforcement.
  • External pen test - In an external test, the ethical hacker attacks the company’s external-facing technology, such as its website and external network servers. In some cases, the hacker may not even be allowed to enter the company’s building, so the attack is carried out from a remote location or from a truck or van parked nearby.
  • Internal pen test - In an internal test, the ethical hacker works from the company’s internal network. This kind of test is useful for finding out how much damage a disgruntled employee could do from behind the company’s firewall.

How is a typical pen test carried out?

A pen test begins with a reconnaissance phase, in which the ethical hacker spends time gathering the data and information needed to plan the simulated attack. The focus then shifts to gaining and maintaining access to the target system, which calls for a diverse range of tools.

Attack tools include software built specifically to carry out brute-force attacks or SQL injections. There is also hardware made for pen testing, such as small, inconspicuous devices that can be plugged into a computer on the network to give the hacker remote access to that network. An ethical hacker may also use social engineering to find vulnerabilities: for example, sending phishing emails to deceive company employees, or posing as delivery personnel to gain physical access to the premises.

The pen test ends with the hacker removing any traces of their activity. This means retrieving any planted hardware and doing everything possible to leave no trace, so that the target system is returned to exactly the state in which they found it.

What happens in the aftermath of a pen test?

After the penetration test, the ethical hacker reports their findings to the security team of the targeted company. The team can then use this information to make security improvements that close the vulnerabilities found during the test. Such improvements may include implementing rate limiting, adding new web application firewall (WAF) rules, deploying DDoS mitigation, and strengthening form validation and sanitization.
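As an added illustration of the last two remediations (not code from the original article), the following Python snippet shows a user lookup written the way a pen tester would flag it, next to a hardened version that adds allow-list validation and parameter binding; the table, user names and test input are constructed for the example.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed in-memory table so the example runs offline (sample data only).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-placeholder-1"), ("bob", "hash-placeholder-2")],
    )
    return conn


def user_exists_vulnerable(conn: sqlite3.Connection, username: str) -> bool:
    # The user-supplied string is spliced into the SQL text, so a quote in the
    # input changes the structure of the query instead of being compared as data.
    sql = "SELECT COUNT(*) FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone()[0] > 0


# Form validation: an allow-list of the characters a username may contain.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def validate_username(username: str) -> bool:
    return USERNAME_RE.fullmatch(username) is not None


def user_exists_fixed(conn: sqlite3.Connection, username: str) -> bool:
    # Parameter binding: the driver passes the value separately from the SQL
    # text, so whatever the input contains it is only ever compared as data.
    sql = "SELECT COUNT(*) FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone()[0] > 0


def lookup(conn: sqlite3.Connection, username: str) -> bool:
    # Defense in depth: reject malformed input first, then query safely.
    return validate_username(username) and user_exists_fixed(conn, username)


if __name__ == "__main__":
    db = make_db()
    probe = "nobody' OR '1'='1"  # constructed input of the kind a test would send
    print(user_exists_vulnerable(db, probe))  # True: the OR clause matches every row
    print(user_exists_fixed(db, probe))       # False: compared literally, no such user
    print(lookup(db, probe))                  # False: rejected by validation
```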