Penetration Testing is the process of intentionally hacking and attacking your own network, web applications and organization, for the purpose of checking how secure your assets really are. Attackers have no regard for your organization’s internal policies, the trustworthiness of your employees, or the expertise of your technical staff. Only one fact matters to them: are you vulnerable?
It is in an organization’s best interest, both economically and for the sake of its reputation, to answer that question before the attackers do.
Are you vulnerable?
To answer this question, an organization must perform a Penetration Test, in which simulated hacking attacks are performed on its cyberspace, to determine, based on facts and results, how secure (or insecure) it really is.
The team at Fortify performs Penetration Tests and Vulnerability Assessments in various forms, as explained below.
Black Box Testing
Black Box pen testing is a real hacking attack simulation, where the Fortify security experts carry out attacks like actual hackers do, without any prior or internal knowledge of the target. Through these attacks, the Fortify experts try to identify and exploit any weakness in any layer (web applications, operating systems, network devices, email, VPNs, etc.), and attempt to pivot further into the target organization.
White Box Testing
White Box pen testing is a cooperative security test performed with prior knowledge of the infrastructure, its underlying logic, and access to some credentials. The technical staff of the target organization provides the Fortify security experts with the detailed insight & knowledge needed to thoroughly test every element of the target network. This guarantees that no systems, functionality or IP subnets are left untouched. The more information that is supplied to our experts, the more complete the final result will be.
Allow our trusted security experts to take a look at your organization from the inside and tell you how secure it is at its core.
External Pen Testing
An External Penetration Test is performed strictly remotely, with no internal access provided to the Fortify security experts. The goal of this test is to simulate the majority of attacks coming from the internet.
The focus of this test is primarily the internet-facing assets of the organization, for example web applications, web servers, network endpoints, VPN, and email servers. This test also helps an organization learn what information (public or private) can be gained about it from the outside.
Internal Pen Testing
An Internal Penetration Test is performed from within the premises of the target organization, usually to simulate threats from guests entering its physical boundaries (including wireless range) or from an employee with malicious intent, or simply to discover the extent of damage an external hacker can do once they gain access to one of the internal machines.
An Internal Penetration Test focuses on the workstations, internal applications, access controls, domains, and internal documents. This test is useful to determine what sensitive information might be stolen from the inside.
Upon completion of the penetration test, a detailed report is provided and discussed with each client. The report includes:
- Executive Summary: Summary of the purpose of this test, as well as a brief explanation of the threats facing the organization from a business perspective.
- Findings: A detailed, technical explanation of the findings of the tests, with steps and proofs of the findings.
- Conclusion & Recommendations: This section provides final recommendations and a summary of the issues found in the security test.