Frequently Asked Questions_
We compiled a list that is updated regularly with most popular questions we receive from our customers.
Why (your) cybersecurity matters in the time of COVID-19 epidemic
RO Hacked – Register and Catalog Web Attacks Against Websites from Romania
WannaCry crysis is not even close to be finished! Learn how to prevent other Ransomware Infection!
Stay safe for Christmas!
Are you ready for the GDPR?
Complete cybersecurity services for blockchain projects
What is security Penetration Testing?
A penetration test (or, shortly, pentest) entails deploying an attack on a computer system in a controlled environment with the sole intention of uncovering security weaknesses and exploiting them safely to potentially gaining access to the system, its functionality, and data.
The process involves identifying the target systems and the goal, then reviewing the accessible information and undertaking available means to attain the goal.
A penetration test target comes in various formats:
- white box – where all background and system information is provided
- black box – where only basic or no information is provided, except the company name
- grey box – where white box & black box tests are conducted.
A penetration test can help determine whether a system is vulnerable to attack, if the defenses were sufficient, and which defenses (if any) were defeated in the penetration test.
Security issues uncovered through the penetration test are reported to the system’s owner.
Penetration test reports may also assess the potential impacts to the organization and suggest countermeasures to reduce risks.
Penetration tests are valuable for several reasons:
- Determining the feasibility of a particular set of attack vectors
- Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
- Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
- Assessing the magnitude of potential business and operational impacts of successful attacks
- Testing the ability of network defenders to successfully detect and respond to the attacks
- Providing evidence to support increased investments in security personnel and technology.
How are white box, black box, and grey box penetration testing methods different?
White Box Pentesting
Also known as glass box, structural, clear box and open box testing.
This is a testing technique whereby explicit knowledge of the internal workings of the item being tested is used to select the test data.
White Box Testing starts from a point of complete knowledge of the infrastructure to be tested, often including network diagrams, source code, and IP addressing information.
Black Box Pentesting
Black Box Security Testing has an unique approach and assumes no prior knowledge of the infrastructure to be tested.
Grey Box Pentesting
The Grey Box Testing is a blend of Black Box testing and White Box testing techniques.
This multifaceted test results in a comprehensive and highly focused test that cuts down on testing time-frame and budget.
Moreover, this approach helps our engineers to learn how your application works and test at both ends whether a suspicious vector of an attack is plausible or not, minimizing false positive results.
Why should I contract Penetration Testing for my company?
Security breaches and any related interruptions often result in direct financial losses, threaten organizations’ reputations, erode customer loyalty, attract negative press, and trigger significant fines and penalties.
A recent study conducted by EY (EY Global Information Security Survey 2018-2019) reported the average cost of a data breach for the affected company is now $3.62 million.
Organizations have traditionally sought to prevent breaches by installing and maintaining layers of defensive security mechanisms, including user access controls, cryptography, IPS, IDS and firewalls.
However, constantly adopting new technologies introduces a lot of complexity which makes it even more challenging for security engineers to react, protect, and eliminate high and critical vulnerabilities on a day-to-day basis.
Penetration testing evaluates your organization’s ability to protect its networks, applications, endpoints, and users from external or internal attempts to circumvent its security controls and gain unauthorized or privileged access to protected assets.
Test results validate the risk posed by specific security vulnerabilities or flawed processes, enabling IT management and security professionals to prioritize remediation efforts.
By embracing more frequent and comprehensive penetration testing, organizations like yours can anticipate emerging security risks more effectively and prevent unauthorized access to critical systems and valuable information.
We have a firewall in place that restricts access to our database and internal services. Do I still need Penetration Testing?
YES!
Having a firewall in place that restrict access to your database and/or internal services doesn’t guarantee your assets will be secured.
We usually consider any restriction integrated by a firewall to be a “Security by Obscurity” mechanism that doesn’t come close to a robust security mitigation approach.
Anyone who can use a USB drive in a local network, connect to Wifi in your building or access one of your online and public services could also escalate his privileges to gain access to sensitive data.
Is Penetration Testing safe? Can it disrupt my business in any way?
Our team has extensive experience in information security, particularly with Penetration Testing.
Over the last 10 years, we fine-tuned our approach to remove any situation that might make your companies assets unresponsive. Moreover, each time we have to test something that might affect your availability, you’ll be notified and we will act according to your needs.
