A penetration test is an exercise to assess the capability of an organization to defend itself against a cyber attack. The objective of a penetration test is to identify weaknesses that could be exploited by somebody or something to gain unauthorised access to restricted information. By identifying and highlighting the weaknesses in this controlled manner, the organization can then take corrective measures to ensure these weaknesses are no longer available to an actual attacker.
In other words, a penetration test is a simulated attack. The primary targets of attack are technological assets (networks, systems, applications) and personnel (social engineering awareness). The eli5 consulting penetration testing methodology is based on well-documented industry standards and frameworks such as OSSTMM, ISSAF and PTES. Our methodology provides a consistent and repeatable approach to conducting penetration tests against systems, networks and web applications. All our assessments are carried out by qualified and experienced penetration testers.
A penetration test can be conducted from either of two perspectives. An external penetration test is conducted to assess how your company's systems would fare against an external attacker, such as one attacking via the internet whilst being based in another country. An internal penetration test is conducted to assess the security of your data from internal threats, such as disgruntled staff, fraud perpetrators and social engineers.
We conduct penetration tests against a variety of targets, depending on the needs of your organization. Our testers can evaluate public-facing systems, internal networks, staff susceptibility to manipulation and deception, and wireless networking solutions. Due to the nature of the tests, eli5 will not perform any testing without first receiving written approval from the client.
It is generally regarded as good practice to perform both an internal and external penetration test at least annually or directly after any significant change is made to your environment. Companies seeking PCI-DSS certification are required to conduct an internal and external penetration test annually.