Penetration Testing

Evaluating the security of a computer system or network by hacking. Basically, it is an analysis of system for any potential vulnerability that may result from any of the following:

1.       Poor or improper system configuration
2.       Known and / or unknown hardware or software flaws
3.       Operational weaknesses in process
4.       Technical countermeasures

In other words, we can say that it is the process of actively evaluating your information security measures.

Common Hacking Steps: A hacker relies on a variety of tools as well as his or her own creativity in order to attack the network. Because every network is different, hackers employ a variety of means to breach the security. However, most hackers follow the same basic steps to perpetrate an attack:

1.       Profiling: Profiling, or foot printing, is the process of gathering information about physical site/target.
2.       Scanning: Scan the Network for additional Information such as Active devise in the network.
3.      Enumerating: Enumeration is the intrusive process of determining valid user accounts and accessible resources such as shares.
4.       Exploiting: Exploiting is the process by which the attacker gains unlawful entry to a system. At this point, the attacker would have identified vulnerabilities during the scanning and enumeration phases.

Importance of Penetration Testing:

1.       It prevents financial loss through from hackers or extortionists or disgruntled employees
2.       It prevents financial loss through unreliable business systems and processes
3.       From an operational perspective, penetration testing helps shape information security strategy.
4.       It protects your brand by avoiding loss of consumer confidence and business reputation.

Below are some common areas that can be tested in Penetration Testing:
1.       Telephony or remote access
2.       Products such as operating systems, applications, databases, networking equipment etc.
3.       Custom build dynamic web sites or in-house applications etc.
4.       WIFI, Bluetooth, IR, GSM or any other wireless devices etc. Access control devices etc.