Posted on Wednesday, January 12, 2011

Pen Testing (also known as a Penetration Test or Pentest) is not the same as what is termed a ‘Vulnerability Assessment’. While both are associated with IT Security Testing, the latter is usually carried out by a scanning tool. All too often these two System Security processes are confused, and this can be of great detriment to the Company. Why is that? Primarily because the results returned by automated scanning tools can be incomplete and unreliable. Unfortunately, some tools routinely fail to detect vulnerabilities, as well as return false negatives. Therefore, it is vital that results are verified.

A Pentest IT Security Expert can verify the results returned from a Vulnerability Assessment, ensuring the information is reliable. In addition, a Pentest IT Security Expert can analyse and advise the Company with regard to any areas of concern brought to light within those reports. Indeed, in this way a Vulnerability Assessment can become far more valuable. Even so, Penetration Testing can provide more in-depth and reliable reports, which can give a Company great insight with regard to the functionality and the security of their systems.

Payment Card Industry Data Security Standard

The PCI DSS calls for some Companies to carry out routine Penetration Testing and/or a Vulnerability Assessment performed by an Industry Approved Scanning Tool. While the results of approved tools may be reliable and provide good insight, they only test for identified vulnerabilities and therefore lack the creative intuition of a professional Pen Testing Expert. A Penetration Testing Expert uses their IT Security experience and creative intuition, as well as a combination of clever methodologies, scripts and scanning tools, to test the system's code and vulnerability to attack.

What It Takes

Pen Testing (Pen Test) comes in many forms: Whitebox, Blackbox and Greybox, each of which describes a different Penetration Test design methodology. They all require the knowledge to understand what makes code secure and/or insecure, a range of methodologies and tools, and the ability to think like a Hacker and realise what makes one tick. Possessing one of these requirements simply isn’t enough. It takes a combination of the three to carry out effective Pen Testing, particularly if Grey or Black Box Testing is the requirement. Indeed, this is one of those instances when it is invariably a case of… leaving it to the professionals.

Murray IT Security Services can provide a Pentest expert. Offering a range of IT Security Services, our IT Security Experts can perform many levels of Pen Testing: White, Black and many areas of Grey. Our reports are informative and can help a Company ensure they are focusing their IT Security budget in the right areas, as well as keep their systems optimised and secure. Contact Murray IT

