Description
Pentesting:
The Objective of a penetration test is a pro-active approach to validate and test security controls in a manner that resembles a cyber-attack, allowing you to understand vulnerable areas within your environment
By Performing regular penetration testing the following can be addressed:
• Test your security controls
• Identify vulnerabilities
• Maintain Compliance
• Enforce a Security Strategy
The next step up from black-box testing is gray-box testing. If a black-box tester is examining a system from an outsider’s perspective, a gray-box tester has the access and knowledge levels of a user, potentially with elevated privileges on a system. Gray-box pentests have some knowledge of a network’s internals, including design and architecture documentation and an account internal to the network.
The purpose of gray-box pentesting is to provide a more focused and efficient assessment of a network’s security than a black-box assessment. Using the design documentation for a network, testers can focus their assessment efforts on the systems with the greatest risk and value from the start, rather than spending time determining this information on their own. An internal account on the system also allows testing of security inside the hardened perimeter and simulates an attacker with longer-term access to the network.
