Pen Test (Penetration Testing)
In this edition of Cybersecurity Terms & Definitions, Accellis Technology Group Director of Cybersecurity, Tom Fazio, has defined Pen Test (Penetration Testing).
A Pen Test can also be referred to as ethical hacking. This is the act of testing a device, network, or web application for exploitable security vulnerabilities. There are several different types of penetration testing. The goal of most pen tests is to gain elevated privilege in the environment or access to confidential data; these goals are defined in the scope document when engaging the company providing the test. We will focus on the most common types: Black Box and White Box.
Black Box Pen Test:
In a Black Box Pen Test, the security team does not have any preliminary knowledge of the computer network that they are hacking. The team will use open-source intelligence gathering to document as much information from public sources as necessary. Once targets are acquired, they will architect an exploit using a combination of tools, custom code, or social engineering.
- Black Box Pen Tests provide a more realistic scenario of a system being attacked
- Generally less expensive than a White Box Pen Test
- Success is largely dependent on the training and knowledge of the hacker(s) used
White Box Pen Test:
In a White Box Pen Test, ethical hackers have full knowledge of the environment in advance, and they have transparent access to other company resources for information. This knowledge can be in the form of network diagrams, org charts, or direct access to the network. This information is supplied to the team in order to simulate what an insider might have access to in the environment.
- A White Box Pen Test is more thorough and will find many more exploits compared to a Black Box Test
- White Box Pen Tests have higher costs associated with them
- Generally take longer to complete
Compromised customer data and network breaches can destroy a company’s brand and negatively impact its bottom line. Penetration testing helps an organization avoid data incidents that may put the company’s reputation and reliability at stake.
Read Part 1 of our Cybersecurity Terms & Definitions blog series: Vulnerability Management (VM)
Are you interested in running a Pen Test for your organization’s network and devices to find possible vulnerabilities? We have a certified ethical hacker on staff to assist. Fill out the form below and a cybersecurity expert will reach out at your earliest convenience.