BSM Better Security Management
What is a penetration test?
Penetration tests, also called pentests, are 'authorized digital break-ins' or 'ethical hacker attacks' on a network, website, Internet or computer system, carried out to understand the security risks and vulnerabilities.
There are three ways of performing a hack / penetration test:
1. White box hacking
2. Gray box hacking
3. Black box hacking
The difference lies in the amount of knowledge and background information that the tester receives. In a white box hack, the tester has an advance understanding of all aspects of the architecture and is consequently able to test the system to the deepest levels. When the hacker has limited prior information, it is called gray box hacking, and during a black box hack the hacker has minimal prior knowledge.
Which test is suitable for your situation?
A website scan is suitable for a simple website without interactive content or a privacy-sensitive database. The website scan provides insight into the security of your web environment and offers solid protection against defacement and cross-site scripting. The scan is performed fully automatically.
Pentest on server and network
We test the security of servers and components from outside to give you insight into network vulnerabilities. We scan one or more servers or a network segment, either via the Internet or at your location. Optionally, this scan can be expanded to include the digital route towards the server and other network components.
Pentest on applications
We recommend a pentest on applications when your organization uses custom-made software that does not receive periodic security checks and updates from your software or hardware supplier. In this test we focus on your specific applications such as databases, content management systems and custom software. We use specialized software to scan source code.
Active control and pentest
When the system contains critical information such as financial, privacy-sensitive or credit card data, we recommend an active control and pentest. It is compulsory to prove that as a company you have taken the right steps to protect the data as much as possible, so as to prevent image loss and damage claims and to ensure the privacy of your employees, customers, suppliers and business relations.
During this type of testing we try various ways to penetrate your system, the way a professional hacker would, including social engineering and in-depth attacks using tools like the "Metasploit Framework" (a platform of ICT security guards).
On completion we report our findings in a clear and practical report that will put your IT manager to work.
When is a pentest useful?
1. In the acceptance phase of a new system or a new application
2. When significant changes have been made to a major system or a major application
3. Periodically, to test existing systems against new intrusion techniques
4. If there is another reason to think that the system security might be underperforming
Please contact us for more information about penetration tests.