Identify the weak points & close the loopholes
Penetration testing identifies security holes in a network that a potential attacker could breach. Once found, remedial action can be taken to close those vulnerabilities before an attacker can exploit them.
Softaxa use a methodical approach, the latest toolsets and hacking methodologies to test the defenses of specific applications, servers, routers, networks and other, within scope
systems, looking for a potential foothold. The foothold is then exploited to see how far the network can be penetrated. Every vulnerability found is documented with commendations on how to address the issues to mitigate the future risk. Scope of penetration testing projects:
- White Box – customer provides passwords, usernames, IP ranges and full network access. This simulates an attack from someone who knows the business, perhaps a current or ex-employee.
- Grey Box – customer provides access to the network across all sites for scanning and exploitation but not usernames and passwords. This simulates an attack from someone who has specific but limited knowledge of the business.
- Black Box – customer provides website address and nothing else. This simulates an attack from an unknown assailant who initially knows nothing about the network they are attacking.
Secure networks cost money but not as much as the cost of addressing a successful attack. There are the physical costs and potential GDPR fines (up to 4% of turnover) as well as the cost of commercial and reputational damage.
The Payment Card Industry (PCI) Data Security Standard and other recent security recommendations require external security testing. Regular penetration testing is good practice for any organization interested in information security.