A well designed and executed penetration test has the capability of identifying exploitable vulnerabilities that could lead to a compromised system or a breach before any bad actors do.
Ready to Get Started?
Our team of professionals is ready to dive in and collaborate with your team
A penetration test, often referred to as a pen test or ethical hacking, is a simulated cyber-attack against a computer system, a network, or an entire organization, to check for existing and exploitable vulnerabilities. Pen testing can involve an authorized attack against a network (from an internal and external perspective), application (web and mobile, including any APIs), wireless network, or the human element of an organization (i.e. social engineering).
Penetration tests can take multiple forms and approaches, depending on the objective of the assessment, the main ones of which include:
- Black Box– During a black box penetration test (also known as a external penetration testing) the pen tester is given little to no information regarding the IT infrastructure of a business. The main benefit of this type of test is to simulate a real-world cyber-attack, whereby the pen tester assumes the role of an uninformed attacker.
- White Box- White box penetration testing (also called clear box testing, glass box testing, or internal penetration testing) is when the pen tester has full knowledge and access to the source code and environment. The goal of a white box penetration test is to conduct an in-depth security audit of a business’s systems and to provide the pen tester with as much detail as possible. As a result, the tests are more thorough because the pen tester has access to areas where a black box test cannot, such as quality of code and application design.
- Gray Box- During a gray box penetration test, the pen tester has partial knowledge or access to an internal network or web application. A pen tester may begin with user privileges on a host and be told to escalate their account to a domain admin. Or, they could be asked to get access to software code and system architecture diagrams. One main advantage of a gray box penetration test is that the reporting provides a more focused and efficient assessment of your network’s security.
Whether you need a penetration test because of a compliance framework that requires one, you’ve been asked to perform one through contractual obligations, or you simply want to put your security capabilities to the test, a penetration test plays a key role in any security program. A well designed and executed penetration test has the capability of identifying exploitable vulnerabilities that could lead to a compromised system or a breach before any bad actors do. A breach can cost an organization millions in damages, including reputational consequences. A penetration test, along with a strong IT security and compliance program, can greatly increase an organization’s chances of preventing such an adverse occurrence.
RISCPoint employs a wide range of industry professionals with years of experience, training, and certifications in the cybersecurity and penetration testing field. Rather than an off-the-shelf penetration test, or an automated vulnerability scan which some providers try to pass off a real pen test, our team will help design a tailored approach which will take into considerations your needs – i.e. why are you doing the test, what risks are you trying to address, what are the threats/threat actors that you’re trying to protect against, what are your crown jewels that are mission critical to you as an organization, and how advanced is your current security posture.
Some of our main technical services include in-depth assessments of the following:
- Network Services (internal and external)
- Web Applications
- Mobile Applications
- Wireless Networks
Our team also specialized in the social engineering assessments, including email and phone phishing campaigns, and physical assessments (data centers, offices, critical infrastructure).
Start the Conversation
Work with our team of professionals to help find a tailored solution for your company