Penetration testing (“pentest”) is basically an advanced stage of cybersecurity quality assurance that ensures an organization’s valuable data or access to resources is protected at the highest level possible. During a penetration test, a team of hackers independently attempts to break into a network using whatever means are available to them. If they’re successful, they document their methods and assist their clients in closing up the seams they were able to slip through.
A pentest isn’t really meant for companies that are just setting up their network security, or for those that don’t have something of particularly high value that elite hackers are likely to target. Companies that are simply looking to set up and optimize their security would instead want a “vulnerability assessment,” which checks to make sure they are protected from common issues and attack vectors. By comparison, during the course of a penetration test, the hacking team may actually come up with an exploit that no one has ever seen before!
Penetration testing isn’t just about throwing known attacks against the wall to see if one sticks. A penetration tester will spend much more time reconnoitering the client’s network, looking to develop one perfect attack that allows them to get the data and get away undetected. They may also use a wide range of means other than simple software exploits. Penetration testers can be authorized to attempt to socially engineer employees by phone or email, and in some cases even to visit the client facility in person to see if they can wrangle their way into unauthorized physical access to the client’s computers or hack its public WiFi networks.