Penetration Testing and Post-Penetration Testing


Penetration Testing

There are many different types of penetration tests, and each tests the security of a different part of your infrastructure. It's important to understand the differences when looking to obtain a penetration test:

  • Website Penetration Testing – Performed against basic websites that do not have a login portal.
  • Web Application Penetration Testing – Web Applications have a login portal and back-end databases storing information for different user accounts. This added complexity creates a larger attack surface and makes for a more intricate Penetration Testing process.
  • Internal Penetration Testing – Performed from within the business’s network against the internal network infrastructure. The purpose of this is to detect any risks that can be exploited by a disgruntled employee, or an attacker that has compromised physical security.

Post Penetration Testing

You now have a hefty report documenting your company's risks and recommendations. The first and most obvious step is to develop a remediation plan based on the risks in the report. These must be addressed in order of priority (High Risk to Low Risk).

Next, the two Security Processes below must be put in place (if they are not already):

1) Ongoing Penetration Testing – New vulnerabilities are discovered every week. Software that was fully up-to-date yesterday can be fish in a barrel for an attacker tomorrow. The minimum frequency for penetration testing a business is once every 12 months. Furthermore, if you would like to adhere to the ISO 27001 Information Security Standard, Security Testing should be carried out on all new and updated infrastructure systems.

2) Security Operations Centre – A SOC team's goal is to detect, analyse and respond to live cybersecurity incidents using a combination of technology solutions and strong processes. A SOC is the difference between a Proactive Business and a Reactive Business: it can catch things early.

A reactive business doesn’t have a SOC. Rather, they respond to events after they have happened – after an attacker has encrypted every single file and demands some Bitcoin, or after customer information has leaked onto the internet. Now, there is irreversible reputational damage.

Understanding the types of penetration testing that can be performed is necessary for a better understanding of a business's security posture.

Continuous Penetration Testing will ensure that new risks from newly released vulnerabilities are mitigated, while an external SOC provides a more affordable cost, immediate access to Security Maturity, and potentially reduced legal and regulatory risk.

At CTRL Group, this philosophy is taken further by BlueNode – our Risk Operations Centre.

