Penetration testing is a simulated real-world attack against an infrastructure or application targeted at finding security weaknesses and examining the existing security status of the IT system. A penetration test tries to find vulnerabilities which are then exploited using the proof-of-concept principle. Such a test is usually conducted in the following four phases:
The first phase, reconnaissance, involves the gathering of information of a system set for assessment. Following data collection, the second phase, enumeration, kicks in. In this phase, identification of potential entry points into the system is performed.
Upon successful identification, the third phase, exploitation, comes into effect. During this time, testers will actively attempt to exploit security weaknesses. In the event of a compromised system, an expanded attack scope will be carried out. The last phase, documentation, ensures that every procedure and effect is recorded so that they can be reconstructed in detail.
The fact that penetration tests provide an excellent view of the current security status of an organisation cannot be ignored. The result of the penetration test will help business owners gain a better understanding of their current levels of exposure, identify the various aspects of IT-security that are lacking, and provide details for rectifying the vulnerabilities which surface from the test.
Within TÜV SÜD, internationally accredited certification bodies offer services for various management systems. We have extensive experience in auditing and certifying a wide range of internationally recognised management systems. Our experienced team will guide you through the process, from on-site audits to certification. We will help you to identify opportunities and minimise potential risks. By being your partner, your company’s commitment to the safest standards will gain global recognition.