Products & Services
Consulting & Assessment Services
Ask the Experts
Submit a no-obligation question about our penetration testing services.
GET INVOLVED: We'd like to hear from you! Post your thoughts on penetration testing FaceBook, Twitter, and the InfoSight Blog.
Penetration Testing
InfoSight will help you answer these questions and others by identifying exactly where your systems are vulnerable and by testing the impact and risk associated with these vulnerabilities.
Our penetration testing activities will reveal how well your organization's security policies protect your assets. We'll identify the extent to which your system can be compromised before an actual attack. InfoSight's Penetration testing includes:
- Gathering information about the target before the test (reconnaissance),
- Identifying possible entry points,
- Attempting to break in (either virtually or for real) and,
- Reporting back the findings.
Penetration testing can also be used to test your security policy compliance, your employees' security awareness, and your organization's ability to identify and respond to security incidents. Strategies include:
Internal testing
Internal penetration testing mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of penetration testing is useful for estimating how much damage a disgruntled employee could cause.
External Testing
External penetration testing targets an organization's externally-visible servers or devices including domain name servers (DNS), email servers, Web servers or firewalls. The objective is to find out if an outside attacker can get in and how far they can get in once they've gained access.
Blind Testing
A blind penetration testing strategy simulates the actions and procedures of a real attacker by severely limiting the information given to the person or team that's performing the test beforehand. Typically, they may only be given the name of the organization.
Double Blind Testing
Double blind penetration testing takes the blind test and carries it a step further. In this type of penetration test, only one or two people within the organization might be aware a test is being conducted. Double-blind tests can be useful for testing an organization's security monitoring and incident identification as well as its response procedures.
InfoSight's security experts conduct real-world attacks to determine your security weaknesses. Our pervasive knowledge of the most current attack vectors, along with our extensive experience in the financial services, insurance, healthcare and utilities industries, will provide you with the assurance and freedom you need to concentrate on your business rather than on your security.
Let our experts analyze your system to determine your security weaknesses before a cybercriminal does. Contact us today.
Complementary Services
Vulnerability Scanning
IT Risk Assessment
Social Engineering Testing & Training
What is
Penetration Testing?
Penetration testing (also called a pen test) is a method of evaluating a computer system, network or Web application to find vulnerabilities that an attacker could exploit. The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization's security policy compliance, its employees' security awareness and the organization's ability to identify and respond to security incidents.
By simulating an attack from a malicious source, the evaluator identifies potential security vulnerabilities and determines the feasibility of a malicious attack as well as the impact a successful exploit might have on an organization. The evaluators work under the same constraints applied to ordinary users.
A penetration test should be carried out on any computer system that is to be deployed in a hostile environment, in particular any Internet-facing site, before it is deployed. This provides a level of practical assurance that any malicious user will not be able to penetrate the system.
Do you have something to add to this definition? Let us know. Email your comments and contributions.
