Ask a Pen Tester Q&A, Part 2: Everything You Need to Know About the Art of Penetration Testing

Penetration testing has become increasingly important to organizations of all sizes as cybercrime increases and attackers run rampant. Identifying vulnerabilities and testing security infrastructure before an attacker does can save organizations hundreds of thousands of dollars in damage repair in the long run.


Starting a pen testing effort in your organization can be daunting, with questions about what to look for and where to begin. We sat down with our own penetration testers, Senior Security Consultant Aaron Herndon and Security Consultant Whitney Maxwell, to answer some of your questions about what exactly pen testing entails:


Would you recommend an internal or an external penetration test?


According to our experts, it’s best to do both internal and external penetration testing. Some organizations try to keep the scope of an engagement focused on external penetration tests, especially if they don’t have to meet a compliance regulation that requires them to conduct internal tests. However, both testers strongly recommend against that, because an external-only test takes electronic social engineering and other attack vectors off the table. This means that your test could miss important doorways to phishing attacks and give you a false sense of security. An internal test lets companies assess the internal network in the more common event that their external perimeter is breached via phishing. For this reason, internal and external penetration tests should go hand in hand, and they can even be packaged together so organizations get a full overview of where their vulnerabilities live.


Do you have to create custom exploit code to penetrate an external network?


According to Aaron, this need depends on the scope of the engagement. Pen testers often only have a week to break into a company’s network, which ..
