A penetration test is an attempted intrusion into the company network from the outside, without knowing anything about the infrastructure or technologies used by the customer beforehand. The aim is to simulate the activities of a hacker determined to violate the security system on the basis of his outside knowledge.

What a Pen Test does

• It searches for vulnerabilities in the system from the outside;
• It forces the defences of the network using the vulnerabilities found;
• Having broken through the defences, it searches the network for all potential damage that a hacker could cause to the Customer's business (in terms of interference with resources and theft of confidential information).

Characteristics of the Secure Network Pen Test

• Executed using the methods designed and tested by researchers specialized in information security at Secure Network, in close collaboration with the international scientific community;
• Black box, there is no need to know the characteristics of the system to be violated;
• Focused analysis, not only detection but actual use of the vulnerabilities identified;
• Professional service, it does not damage the structures or the configuration of the network tested in any way;
• Straightforward, detailed report of results produced by the test;
• Planning of the customer's security priorities;
• Perfect integration with the complete suite of Secure Network security services.

Types of Penetration test

According to the Customer's aims and needs, various kinds of tests may be carried out. The "black box" pen-tests provided by Secure Network are:

Network Pen Test – The attack is based on the indication given by the Customer as to the external IP addresses to be considered the targets: by exploiting the vulnerabilities found, obtaining high privileges and, if possible (where requested), forcing the passwords.

Web Application Pen Test – Attacks the web applications indicated by the Customer, checking the security level and the presence of any vulnerabilities that enable their operation to be forced and, for example, access to be gained to the system or confidential information.

Wireless Pen Test – Attacks the WiFi and Bluetooth devices and networks installed in the Customer's offices, so as to check for the presence of vulnerabilities that could allow unauthorized access to the Customer's systems, identifying the level to which an attack of this kind may penetrate.

Social Engineering – The attack is not directed at the technological aspect, but at the "human" aspect. Our analysts will try to obtain confidential information and access the customer's company information system by interacting directly with staff.