What is Penetration (Pen) Testing?
Penetration (Pen) testing, also known as a pen test, is categorised as ethical hacking. A penetration test is a simulated cyber attack on your computer’s system and servers intended to check for exploitable vulnerabilities.
The rate of cyber attacks is increasing year on year, and millions of dollars are being lost as a result. It is important that you and your company are not only carrying out penetration testing regularly, but you also have to ensure that the third party software you use is also regularly performing penetration testing.
What Does Penetration Testing Mean For Your Business?
Penetration testing is becoming ever more crucial to companies and businesses as cyber-attacks are becoming more sophisticated. By running regular simulated cyber-attacks your business can identify and address the following:
- Security Vulnerabilities
- The response time of your IT team or third party vendor in mitigating and fixing issues
- Real-life scenarios are created and potential data breaches are highlighted to help better equip security and IT teams
How Long Does it Take To Do a Penetration Test?
A penetration test can be carried out either manually or you can run a vulnerability assessment. A vulnerability assessment test can usually take between 1-2 days. During this, it checks for issues and performs ethical hacks. A manual test will take a little longer as this is performed manually by humans.
How Do I Make Sure Third Parties Are Performing Pen Tests?
It is worth speaking to your software providers to ask them a few questions around the pen tests. Some questions you may want to ask are:
- How often do you perform penetration tests?
- Is your testing automatic or manual?
- What penetration testing tools do you use to carry out your tests?
- Do you allow for external testing?
Also, if possible, ask your provider for a copy of their penetration testing results. Most reputable software providers are happy to comply.
Penetration testing is usually undertaken by security professionals or IT departments. During the testing, they test custom applications, web services, multi-tier network architectures and other IT components. Penetration testing tools are used to carry out these tests that will essentially give you an insight into the state of your securities, and the risks, so that these can be resolved more quickly.
Some penetration testing tools that are used include:
Swift Digital Penetration Testing
Internal Pen Testing
Swift Digital carry out their own internal scan penetration tests (Interactive Application Security Testing (IAST)) on a quarterly and annual basis.
The quarterly is run automatically and the annual is manually performed. These are performed in house and are tested and authorised by a third party QA/QC testing team specialised in simulated cyber-attacks and penetration testing.
External Pen Testing
External testing consists of testing the target assets of a company that are visible on the internet. These include the company website, email domain and DNS servers.
Swift Digital welcomes external testing in the form of independent testing. If this is something that you would like to arrange then please contact our sales team on 1300 878 289. Otherwise, in the meantime check out our email marketing best practice tips here.