What is Pen Testing?
In simple terms, a Pen Test examines weaknesses in a corporation's IT infrastructure by trying to discover and exploit them in a safe manner. These vulnerabilities can be found in the software itself at the following points of entry:
- Backdoors in the Operating System;
- Unintentional flaws in the design of the software code;
- Improper implementation of software configuration management;
- Using the actual software application in a way it was not intended to be used.
Pen Testing can be accomplished either through manual or automatic processes and is often targeted towards the following endpoints:
- Network endpoints;
- Wireless networks;
- Network security devices (these are targeted the most in an actual Pen Test, and include Routers, Firewalls, Network Intrusion devices, etc.);
- Mobile and wireless devices;
- Other areas of exposure, such as software applications and the code behind them.
However, it should be noted that an actual Pen Test does not stop at this level. The primary goal is to go as far and as deep as possible into the IT infrastructure to reach the electronic assets of a corporation. The goal is not just to strike hard the first time, but also to strike even harder, covertly, at random times.