What is Penetration Testing?
Penetration testing (or pentest for short) is a method of evaluating the security of digital
systems by simulating an attack.
The attack can be simulated from the outside (external pen test) from the perspective of a
malicious individual without any prior knowledge of the system architecture and
authorisation mechanisms of the systems in question.
An attack can also be simulated from within the organization (internal pen test), where the
security professional would test the internal systems and applications from within the
organization's internal network, mimicking the same access that the organization's
employees currently enjoy.
The process of penetration testing involves an active analysis of the designated systems
within your organisation.
Why use IMGN for Penetration Testing?
Our team works closely with yours to construct an accurate penetration test which is
custom tailored to fit the scope of your organization's operations.
We can test for potential vulnerabilities ranging from poor or improper
system configuration to known and unknown hardware or software flaws.
We will aim to demonstrate the intellectual, financial and/or reputational risk your
organization would face in the event of a system breach.
Post assessment, we will work with you and your team to suggest remediation steps in
order to mitigate the risks.
We will also help identify what could have been in place to help prevent the situation, and
help you recover from an attack.
Is penetration testing safe?
The short answer is no.
Our penetration testers write exploits in an array of languages to compromise certain
software and hardware components that are found to be vulnerable.
The result can be service outages if the target system service falls over during exploitation.
It is therefore imperative that the parameters of the penetration test are well defined and
clear lines of communication are sustained throughout the duration of the penetration test.
The appropriate stakeholders should both be aware and on standby should a critical
component of the target system be affected.
Can you test any IP address?
Yes, we can check any and as many IP addresses as you want provided they belong to you.
Third-party IP addresses your organisation uses for services are outside the legal boundary
and therefore cannot be included within the penetration test.
If you are using a hosting provider, they will often have a standard document you will need
to complete as they will have to book a testing slot.
Amazon and Rackspace require at least two weeks' notice before a penetration test is to
Here are some quick links to some of the many hosting providers that require notification
prior to penetration testing:
Why is Penetration Testing so Effective?
There are a variety of reasons for penetration testing. One of the main reasons is to find
vulnerabilities and fix them before an attacker does.
Quite often, the IT department is aware of reported vulnerabilities but they need an outside
expert to report them officially, in order for management to approve the resources
necessary to fix them.
Having a pen tester evaluate a critical computer system is good security practice.
Furthermore, testing a new system or software module before it goes to production is
Another reason for penetration testing is to give the IT department at the target company a
chance to respond to an attack. Testing the response methods in a controlled manner
where you can control the variables is safer than waiting for that attack which will
undoubtedly come at 1am on a Saturday morning.
There are a number of regulatory requirements for penetration testing too. For example,
the Protection of Personal Information (POPI) Act, along with others, has very specific
requirements for external penetration testing.