Why conduct a penetration test?
An organisation should carry out a penetration test:
- In response to the impact of a serious breach on a similar organization;
- To ensure the security of new applications or significant changes to business processes;
- To manage the risks of using a greater number and variety of outsourced services; and/or
- To assess the risk of critical data or systems being compromised.
The penetration testing process involves assessing your chosen systems for any potential weaknesses that could result from poor or improper system configuration, known and unknown hardware or software flaws, and operational weaknesses in process or technical countermeasures.
An experienced penetration tester can mimic the techniques used by criminals without causing damage. These tests are usually conducted outside business hours or when networks and applications are least used, thereby minimizing the impact on everyday operations.
Our penetration testing services scan for the following vulnerabilities
Vulnerability scanning is the act of identifying potential vulnerabilities in network devices such as firewalls, routers, switches, servers and applications. It is automated and focuses on finding potential and known vulnerabilities at the network or application level. It does not exploit the vulnerabilities.
Benefits of KOZA Penetration Testing
- Intelligently manage vulnerabilities
- Avoid the cost of network downtime
- Meet regulatory requirements and avoid fines
- Preserve corporate image and customer loyalty
Obtaining penetration-testing software or hiring a pen-tester to test your network is a proactive way to protect your network and business from risks before attacks or security breaches occur.
Different types of penetration test
There are different types of penetration test, each focusing on a particular aspect of an organisation’s logical perimeter.
External network (or infrastructure) penetration test
The objective of an external network penetration test is to identify security vulnerabilities in how an organisation connects with the Internet and other external systems. This includes servers, hosts, devices and network services. If an organisation’s interfaces are not designed correctly, criminals will be able to enter the network and perform malicious activities.
Common security issues
- Unpatched operating systems, applications and server management systems.
- Misconfigured software, firewalls and operating systems.
- Unused or insecure network protocols.
Internal network penetration test
The objective of an internal network penetration test is to determine which vulnerabilities are accessible to both authenticated and non-authenticated users, so that the network is critically assessed against both exploitation by a rogue internal user and an unauthorised attack.
Common security issues
- Weak / default passwords
- Inappropriate privileges
- Access control issues / information leakage
- Inadequate patching of systems
- Unsecured workstations
- Vulnerabilities in intranet applications