Insights Blog

Home / Cyber Security Insights

News

AirSwift Template Image

In 2023, is it a wise decision to make an investment in cryptocurrency? Here's what you should be aware of.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros.
Theresa Webb
11 Jan 2022
5 min read
AirSwift Template Image

Discover 8 easy methods to begin saving money each month and learn how to cut costs.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros.
Annette Black
11 Jan 2022
5 min read
Microsoft acknowledged what we already knew, that a freshly patched newly privilege escalation vulnerability, CVE-2024-21410, was being exploited. The patch was released on the 13th of Febraury and by the evening of the 15th we were seeing exploitation.

CVE-2024-21410

Microsoft acknowledged what we already knew, that a freshly patched newly privilege escalation vulnerability, CVE-2024-21410, was being exploited. The patch was released on the 13th of Febraury and by the evening of the 15th we were seeing exploitation.
Peter Bassill
February 15, 2024
5 min read

Find Peace with SOC365

Defend against Cyber Attacks
Report on Cyber Success

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
AirSwift Template Image
What is Penetration Testing?

Penetration testing, also known as pentesting, describes the assessment of computer networks, systems, and applications to identify and address security weaknesses affecting computer networks, systems, applications and websites. Some vulnerabilities can’t be detected by automated software tools.

Penetration testing is a form of ethical hacking which ensures that any weaknesses discovered can be addressed in order to mitigate the risks of an attack. It is recommended that all organiations commission security testing at least ear, with additional assessments following significant changes to infrastructure, as well as prior to product launches, mergers or acquisitions.

What are the different types of pen testing?

Types of pen test vary in focus, depth and duration. They can include internal/external infrastructure penetration testing, which assesses on-premise and cloud network infrastructure, wireless penetration testing, which targets an organisation’s WLAN, as well as wireless protocols.

Other types of tests include web application testing, which assesses websites and custom applications delivered over the web, mobile application testing which tests mobile applications on operating systems, including Android and iOS to identify authentication, authorization, data leakage and session handling issues, and build and configuration reviews which review network builds and configurations.

What is the difference between penetration testing and vulnerability scanning?

Penetration Testing and Vulnerability Scanning are distinct yet complementary approaches to bolstering cybersecurity. Penetration Testing involves simulated cyberattacks by ethical hackers to identify and exploit vulnerabilities within a system, mimicking real-world threats. This process is highly manual, comprehensive, and aims to provide a deeper understanding of an organisation's security posture. In contrast, Vulnerability Scanning is an automated process that systematically scans networks or systems to identify known vulnerabilities. It focuses on the identification and classification of potential weaknesses, providing a continuous and efficient means of monitoring for security risks.

Penetration Testing is akin to a simulated cyber assault, conducted periodically to assess an organization's resilience against sophisticated threats. On the other hand, Vulnerability Scanning is a routine, automated practice that ensures a consistent check for known vulnerabilities within the defined scope. The combination of these approaches, as exemplified by Hedgehog Security, forms a robust cybersecurity strategy that not only identifies vulnerabilities but also simulates real-world attack scenarios to fortify an organisation's defenses.

Why is penetration testing important?

Penetration testing is an important part of maintaining cyber security and addressing gaps in your organization’s defenses. Penetration testing should be a critical element of all organisations’ security programs to help them keep up with the fast-evolving threat landscape.

With threats constantly evolving, it’s recommended that every organisation conducts a penetration test at least twice a year, but more frequently when making significant changes to an application or infrastructure, launching new products and services, undergoing a business merger or acquisition or preparing for compliance with security standards.

What steps are involved in penetration testing?

High quality penetration testing services apply a systematic methodology to ensure that all the relevant aspects are covered. In the case of a blackbox external network pentest, once the engagement has been scoped, the penetration tester will conduct extensive reconnaissance, scanning and asset mapping in order to identify vulnerabilities for exploitation. (See our 7 step approach.)

Once access to the network has been established, the pen tester will then attempt to move laterally across the network to obtain the higher-level privileges required to compromise additional assets and achieve the objective of the pentesting engagement. The final stage is the provision of a detailed report.

How long does penetration testing take?                                

The duration of a penetration test will depend on the scope of the test and the nature of the organisation. Factors affecting penetration testing duration include network size, whether the test is internal or external facing, whether it involves any physical penetration testing and whether network information and user credentials are shared prior to the penetration testing engagement. Your chosen vendor should discuss your options with you and agree what works best for your organization prior to starting the penetration testing.