If you haven't heard of it before, this term may sound like Greek to you, but it is a great way to check the state of the company's security and identify the vulnerabilities and other security problems through which it could be attacked, with the aim of correcting them and being better protected.
You may have heard of it as a penetration test (penetration + testing), or even as ethical hacking, although this last term has some small differences from pentesting.
Pentesting consists of the intentional “attempted penetration or access”, without a malicious objective, into an organization's computer systems, to reveal possible security problems and be able to take action.
Thus, a pentest service looks for and analyzes all the possible holes and flaws in computer security that a given system may have (the website, corporate applications, etc.), also assessing their criticality, scope, and the possible impact in the event that someone manages to exploit those vulnerabilities.
However, ethical hacking goes a little further and completes the pentest: it not only focuses on locating and identifying vulnerabilities but, once they are found, its next objective is to exploit them, as if it were a cyber attack carried out by a cyber attacker.
A pentest exercise can be approached in two ways:
- Focusing on the analysis and detection of vulnerabilities and risks on the corporate surface that is exposed on the Internet, which is called an external pentest.
- Or focusing on the search for security holes in the corporate network and on the activities that could be carried out by an attacker who has managed to get into it, or even by an insider who works in the organization, which is known as an internal pentest.
On the other hand, there are three types of pentests:
- Black box, where initially there is no information at all about the company or the computer systems that are going to be analyzed (black box pentesting).
- White box, where initially all possible information about the company and all the computer systems that are going to be analyzed is available (white box pentesting).
- Gray box, which is a mixture of the two previous ones, where initially there is partial or incomplete information about the company and the computer systems that are going to be analyzed (grey box pentesting).
This type of offensive security service must be provided by cybersecurity experts who apply their extensive knowledge and experience, following a specific action plan and certain steps, in a methodical manner:
- First of all, their objective is to locate all possible information about the company and about each of its computer systems, as target discovery.
- Second, they find the vulnerabilities that are affecting those systems.
- Third, they analyze the vulnerabilities found and how they could affect the computer systems and the company.
- If it is an ethical hacking exercise, they then exploit the vulnerabilities found.
- And finally, they prepare a report of conclusions and recommendations, to solve all the problems found.
Do you know our pentesting services? Can we help you?
You can find more details about our Pentesting services by visiting the Zerolynx page.
If you prefer, contact us and we'll talk.