Simulate attacks against your applications and systems.
Penetration testing is a simulated attack against your organisation's information, applications and systems. The objective is to determine the effectiveness of your existing security controls, both technical and procedural.
Penetration testing seeks to emulate the capability and motivation of a typical threat actor, and uses a mixture of automated and manual techniques.
The level of prior knowledge, attacker capability and underlying motivation will depend on the agreed rules of engagement, but typical examples include the following:
- Opportunist attacker
- Disgruntled employee
- Malware distributor
- Identity thief
- Intellectual Property (IP) thief
There are many different types of penetration testing, and a wide range of approaches that can be taken. We discuss the specific requirements with our clients prior to beginning any engagement, however, in general, most engagements fall into the following categories.