You may have heard about Penetration Testing or Pentesting before.
If you are not sure where to begin, talking to our security experts about conducting a penetration test is a good place to start.
Every organization has its own security needs, and Horangi provides customized security offerings, including tailored penetration tests for our customers.
STEP 1: WHICH COLORS DO YOU WANT?
- Black Box: We test applications or systems by simulating an attack from outside and inside. In this scenario, clients give us limited information about the target, and we test it from the perspective of an attacker!
- White Box: In this scenario, clients give us complete access to and information about the applications or systems, for a comprehensive test. Complete knowledge of the infrastructure is required for a network penetration test.
- Grey Box: The final shade, grey box pentesting, falls between the black-box and white-box approaches and is a popular option. It gives a comprehensive assessment without revealing too much sensitive information, and it saves time on enumeration and fuzzing.
STEP 2: WHICH TYPE OF APPLICATIONS DO YOU HAVE?
- Thick Client Penetration Test: Tests done on binary files installed on a computer
A thick client application is installed on the local computer (client side) and uses the computer's resources. These applications periodically access information from a remote server. These applications might use multiple ports and non-standard protocols.
- Mobile Application Penetration Test: Tests done on mobile applications
A mobile penetration test is a subcategory of thick client penetration test; however, the requirements are different.
- Web Application Penetration Test: Tests done on web applications
For this penetration test, the web applications can be accessed through a browser. These applications usually use the HTTP/HTTPS protocol.
- Network Penetration Test: Tests done on devices on a network
This test is used to evaluate the susceptibility of devices in a network. By identifying the vulnerabilities found in the client's networks, hosts and devices, network penetration testing evaluates the level of risk posed by vulnerabilities and misconfiguration.
STEP 3: WHAT KIND OF TESTS DO YOU REQUIRE?
- External Penetration Test: External penetration tests are conducted from a publicly accessible network, from the perspective of an external attacker. These tests are often done remotely.
- Internal Penetration Test: Internal penetration tests are conducted within the client’s network. They have the advantage of taking into account potential internal threats, such as actions from malicious individuals or disgruntled employees.
Every step mentioned above is a necessary question for scoping the project. Beyond those questions, our cyberops members will ask a few more relevant questions to scope the client's environment before initiating the security project.
If you are interested in Horangi Penetration Testing, try a free 10-minute consultation and get security assessments!