Learn more about Penetration Testing
A penetration test, also known as a pen test, goes beyond simply identifying and validating vulnerabilities: it is a full, manual exploitation that mirrors a real-world attack. The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.
The vulnerability assessment consists of network host discovery, information gathering, scanning hosts at the network layer and application layer with industry-leading commercial tools in search of thousands of vulnerabilities, and expert-level analysis. The vulnerability assessment can also include various types of optional testing such as authenticated scanning, user privilege escalation, and password cracking.
Measure end-user response to phishing, spear phishing, spam, and other email threats. Even the most effective layered technical security architecture simply isn’t enough to prevent the compromise of confidentiality, integrity, and availability no matter the threat vector. The term “social engineering” has been used for years by hackers to describe the technique of using persuasion and/or deception to gain access to information systems.
The process begins with a characterization of the facility, including identification of the undesired events and the respective critical assets. Guidance for defining a design basis threat is included, as well as for using the definition of the threat to estimate the likelihood of adversary attack at a specific facility.