{"id":296,"date":"2017-01-20T16:09:59","date_gmt":"2017-01-20T12:09:59","guid":{"rendered":"http:\/\/www.awebtoknow.com\/?p=296"},"modified":"2022-02-14T11:19:46","modified_gmt":"2022-02-14T07:19:46","slug":"what-is-penetration-testing","status":"publish","type":"post","link":"https:\/\/www.awebtoknow.com\/how\/what-is-penetration-testing\/","title":{"rendered":"What Is Penetration Testing? And Why Your Business Needs It Now"},"content":{"rendered":"<p>Eighty-five percent of small businesses in the U. S. have been hacked. The important and sensitive information stored on their Information Technology (IT) systems has been stolen, changed, or made public. When a big company is hacked (e.g., Target, Home Depot, Sony), it&#8217;s all over the <a href=\"https:\/\/newsakmi.com\/\">US news<\/a>, but it&#8217;s actually the smaller companies that are more at risk.<\/p>\n<p>Small companies tend to dismiss the threat, thinking hacking is only a problem for large corporations or the finance industry. They don&#8217;t invest enough in security for their IT systems. If they have a data security specialist on board, the person&#8217;s responsibilities include a whole range of IT duties, and he or she can&#8217;t keep up with the latest malicious code or software patches. Some companies use whatever security resources they have on damage control rather than prevention. Hackers love this. They bank on the lax security in the systems of smaller companies. The \u201cwhite hat\u201d hackers (the good guys) perform <a href=\"https:\/\/www.darkhackerworld.com\/2022\/01\/automated-penetration-testing-top-tools.html\">penetration testing<\/a> (\u201cpen testing\u201d) to make it difficult for the hackers to get into IT systems.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-299\" src=\"http:\/\/www.awebtoknow.com\/wp-content\/uploads\/2017\/01\/Penetration-Testing-Network.png\" alt=\"Penetration Testing\" width=\"620\" height=\"313\" srcset=\"https:\/\/www.awebtoknow.com\/wp-content\/uploads\/2017\/01\/Penetration-Testing-Network.png 620w, https:\/\/www.awebtoknow.com\/wp-content\/uploads\/2017\/01\/Penetration-Testing-Network-300x151.png 300w\" sizes=\"(max-width: 620px) 100vw, 620px\" \/><\/p>\n<p>A pen test on a computer system, network, or Web application determines where the system is vulnerable to attacks. The test team gathers information about the system, attempts to break into it, identifies the primary routes into your system that hackers can take, and compiles a report on their findings. The vulnerabilities can exist in operating systems, service and application flaws, improper configurations, and the actions of end-users. Also tested is an organization&#8217;s security policy and its ability to identify and respond to breaks in security.<\/p>\n<p>There are different types of pen testing. Target, external, and internal tests are on the lower end of the cost scale. They uncover weaknesses, but are limited in scope and time compared to the unlimited time (and apparently patience) that real hackers have.<\/p>\n<ul>\n<li>Targeted testing is a \u201clights turned on\u201d approach. The organization&#8217;s IT team and the pen testing team collaborate, and they both see the test as it is being carried out.<\/li>\n<li>External testing is performed on visible servers or devices, including domain name servers, e-mail servers, Web servers or firewalls, to determine if and how attackers can get in and how far they can go once they&#8217;re inside.<\/li>\n<li>Internal testing is conducted behind a company&#8217;s firewall to determine how much damage can be done by an employee or contractor who has legitimate access to the system (if they get fired and their access has not been terminated, for instance).<\/li>\n<\/ul>\n<p>Blind and double blind tests are more time-consuming and, therefore, more expensive.<\/p>\n<ul>\n<li>For a blind test, the testing team has very little information, just like real hackers. Sometimes the testers have no more than the company&#8217;s name to get them started on trying to break in.<\/li>\n<li>A double blind test carries the blind test one step further. Not only is the testing team given limited information, but only one or two people within the organization know a test is being conducted. While the team tests for vulnerabilities in the system, they are also monitoring how effectively the company identifies and responds to threats.<\/li>\n<\/ul>\n<p>The question isn&#8217;t \u201cWhy does my company need a pen test?,\u201d it&#8217;s \u201cWhy would you not have a pen test done?\u201d Any company with an IT system cannot afford to continue operating without a pen test.<\/p>\n<ul>\n<li>\u00a0Find out just how serious business operations would be affected in the event of an attack.<\/li>\n<li>\u00a0After a security breach, determine the vectors (paths) the hacker used to gain access. A pen test can re-create the attack chain so that upgraded security controls will impede future attacks.<\/li>\n<li>\u00a0Your security personnel get experience in detecting and responding to attacks as well as learn how to force out a hacker who gotten inside.<\/li>\n<li>Developers learn what mistakes to avoid in the future when they see how an attacker can break into an application. The expert and experienced pen test team finds vulnerabilities that the development team or security never even think to look for.<\/li>\n<li>The report generated by a pen test enables the company to prioritize future security investment. It also can be used to support proposals to upper management or investors to allocate additional funds for security personnel and technology.<\/li>\n<\/ul>\n<p>Do not confuse pen testing with a \u201cvulnerability scan\u201d or \u201ccompliance audit.\u201d<\/p>\n<p>A vulnerability scan uses automated network- or application-scanning software. The value of a pen test lies in the skills and acuity of the team members conducting the test. The team may use automated tools, but the vital component is their expertise and experience. The most advanced automated test cannot compare to the human mind that thinks laterally and outside of the box and can analyze and synthesize.<\/p>\n<p>Organizations, such as those that accept a particular volume of credit card transactions or that store Protected Health Information, must perform a compliance audit. An organization can be absolutely, completely compliant and still be vulnerable to attacks. Needing to comply is not the same as being genuinely concerned about intellectual property, the risk to that property and the possibly dire consequences to the people who will be affected by the breach.<\/p>\n<p>If the goal is merely to comply rather than to analyze the threats to the system, a company is more prone to test with a less expensive automated service. Get that report, check that chore off the \u00a0list, right? Let&#8217;s ignore for a moment the possibly devastating effects a compromise to the system will have on a company. In a purely selfish sense, if you go with an \u201ceconomy class\u201d test and the system is hacked, you&#8217;re going to have to justify your decision, and that&#8217;s not likely to go well for you.<\/p>\n<p>The situation is not if, but when, your system will be hacked. You need to be able to detect, contain, and recover from the breach. Your security personnel need to know how to respond to a real incident.<\/p>\n<p>Your first pen test record is likely to be an eye-opening experience. Your company is much more vulnerable to attack than you ever dreamed. <em>All<\/em> pen testings find vulnerabilities. <em>No<\/em> system is perfect and all security measures can be improved.<\/p>\n<!-- AddThis Advanced Settings generic via filter on the_content --><!-- AddThis Share Buttons generic via filter on the_content -->","protected":false},"excerpt":{"rendered":"<p>Eighty-five percent of small businesses in the U. S. have been hacked. The important and sensitive information stored on their Information Technology (IT) systems has been stolen, changed, or made public. When a big company is hacked (e.g., Target, Home Depot, Sony), it&#8217;s all over the US news, but it&#8217;s actually the smaller companies that [&hellip;]<!-- AddThis Advanced Settings generic via filter on get_the_excerpt --><!-- AddThis Share Buttons generic via filter on get_the_excerpt --><\/p>\n","protected":false},"author":2,"featured_media":302,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What Is Penetration Testing? And Why Your Business Needs It Now<\/title>\n<meta name=\"description\" content=\"It&#039;s actually the smaller companies that are more at risk. Small companies tend to dismiss the threat, thinking hacking is only a problem for large corporations or the finance industry.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.awebtoknow.com\/how\/what-is-penetration-testing\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Is Penetration Testing? And Why Your Business Needs It Now\" \/>\n<meta property=\"og:description\" content=\"It&#039;s actually the smaller companies that are more at risk. Small companies tend to dismiss the threat, thinking hacking is only a problem for large corporations or the finance industry.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.awebtoknow.com\/how\/what-is-penetration-testing\/\" \/>\n<meta property=\"og:site_name\" content=\"A Web Not to Miss\" \/>\n<meta property=\"article:published_time\" content=\"2017-01-20T12:09:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-02-14T07:19:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.awebtoknow.com\/wp-content\/uploads\/2017\/01\/Penetration-Testing-For-Business.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"353\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Michael Austin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Austin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.awebtoknow.com\/how\/what-is-penetration-testing\/\",\"url\":\"https:\/\/www.awebtoknow.com\/how\/what-is-penetration-testing\/\",\"name\":\"What Is Penetration Testing? And Why Your Business Needs It Now\",\"isPartOf\":{\"@id\":\"https:\/\/www.awebtoknow.com\/#website\"},\"datePublished\":\"2017-01-20T12:09:59+00:00\",\"dateModified\":\"2022-02-14T07:19:46+00:00\",\"author\":{\"@id\":\"https:\/\/www.awebtoknow.com\/#\/schema\/person\/accd778ff9866597eba96c2efc9946a1\"},\"description\":\"It's actually the smaller companies that are more at risk. Small companies tend to dismiss the threat, thinking hacking is only a problem for large corporations or the finance industry.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.awebtoknow.com\/how\/what-is-penetration-testing\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.awebtoknow.com\/how\/what-is-penetration-testing\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.awebtoknow.com\/how\/what-is-penetration-testing\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.awebtoknow.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Is Penetration Testing? And Why Your Business Needs It Now\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.awebtoknow.com\/#website\",\"url\":\"https:\/\/www.awebtoknow.com\/\",\"name\":\"A Web Not to Miss\",\"description\":\"The Unpublished - that&#039;s seen the light\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.awebtoknow.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.awebtoknow.com\/#\/schema\/person\/accd778ff9866597eba96c2efc9946a1\",\"name\":\"Michael Austin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.awebtoknow.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f4211ec27557ee70654c7c15d5d1ba7e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f4211ec27557ee70654c7c15d5d1ba7e?s=96&d=mm&r=g\",\"caption\":\"Michael Austin\"},\"description\":\"A blogger, personal finance enthusiast with slight \u201caddiction\u201d of planning and organizing whether it\u2019s budget, business or just life in general. When you run into an article around the web you can clearly tell it\u2019s Michael\u2019s work,as it can never be mixed with anyone else's , because of his very unique own voice. Finances, real estate, budgeting, new technological solutions are not the only talking points, that he has his heart set on. Passionate about life he studies and writes about environmental changes, human rights and quality of life. Being a true humanist he draws inspiration from the simple thing as an everyday life and the matters one come across on daily bases doing his best and above to help everyone around.\",\"sameAs\":[\"https:\/\/www.awebtoknow.com\/\"],\"url\":\"https:\/\/www.awebtoknow.com\/author\/michael\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Is Penetration Testing? And Why Your Business Needs It Now","description":"It's actually the smaller companies that are more at risk. Small companies tend to dismiss the threat, thinking hacking is only a problem for large corporations or the finance industry.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.awebtoknow.com\/how\/what-is-penetration-testing\/","og_locale":"en_US","og_type":"article","og_title":"What Is Penetration Testing? And Why Your Business Needs It Now","og_description":"It's actually the smaller companies that are more at risk. Small companies tend to dismiss the threat, thinking hacking is only a problem for large corporations or the finance industry.","og_url":"https:\/\/www.awebtoknow.com\/how\/what-is-penetration-testing\/","og_site_name":"A Web Not to Miss","article_published_time":"2017-01-20T12:09:59+00:00","article_modified_time":"2022-02-14T07:19:46+00:00","og_image":[{"width":800,"height":353,"url":"https:\/\/www.awebtoknow.com\/wp-content\/uploads\/2017\/01\/Penetration-Testing-For-Business.jpg","type":"image\/jpeg"}],"author":"Michael Austin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Michael Austin","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.awebtoknow.com\/how\/what-is-penetration-testing\/","url":"https:\/\/www.awebtoknow.com\/how\/what-is-penetration-testing\/","name":"What Is Penetration Testing? And Why Your Business Needs It Now","isPartOf":{"@id":"https:\/\/www.awebtoknow.com\/#website"},"datePublished":"2017-01-20T12:09:59+00:00","dateModified":"2022-02-14T07:19:46+00:00","author":{"@id":"https:\/\/www.awebtoknow.com\/#\/schema\/person\/accd778ff9866597eba96c2efc9946a1"},"description":"It's actually the smaller companies that are more at risk. Small companies tend to dismiss the threat, thinking hacking is only a problem for large corporations or the finance industry.","breadcrumb":{"@id":"https:\/\/www.awebtoknow.com\/how\/what-is-penetration-testing\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.awebtoknow.com\/how\/what-is-penetration-testing\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.awebtoknow.com\/how\/what-is-penetration-testing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.awebtoknow.com\/"},{"@type":"ListItem","position":2,"name":"What Is Penetration Testing? And Why Your Business Needs It Now"}]},{"@type":"WebSite","@id":"https:\/\/www.awebtoknow.com\/#website","url":"https:\/\/www.awebtoknow.com\/","name":"A Web Not to Miss","description":"The Unpublished - that&#039;s seen the light","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.awebtoknow.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.awebtoknow.com\/#\/schema\/person\/accd778ff9866597eba96c2efc9946a1","name":"Michael Austin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.awebtoknow.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f4211ec27557ee70654c7c15d5d1ba7e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f4211ec27557ee70654c7c15d5d1ba7e?s=96&d=mm&r=g","caption":"Michael Austin"},"description":"A blogger, personal finance enthusiast with slight \u201caddiction\u201d of planning and organizing whether it\u2019s budget, business or just life in general. When you run into an article around the web you can clearly tell it\u2019s Michael\u2019s work,as it can never be mixed with anyone else's , because of his very unique own voice. Finances, real estate, budgeting, new technological solutions are not the only talking points, that he has his heart set on. Passionate about life he studies and writes about environmental changes, human rights and quality of life. Being a true humanist he draws inspiration from the simple thing as an everyday life and the matters one come across on daily bases doing his best and above to help everyone around.","sameAs":["https:\/\/www.awebtoknow.com\/"],"url":"https:\/\/www.awebtoknow.com\/author\/michael\/"}]}},"_links":{"self":[{"href":"https:\/\/www.awebtoknow.com\/wp-json\/wp\/v2\/posts\/296"}],"collection":[{"href":"https:\/\/www.awebtoknow.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.awebtoknow.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.awebtoknow.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.awebtoknow.com\/wp-json\/wp\/v2\/comments?post=296"}],"version-history":[{"count":0,"href":"https:\/\/www.awebtoknow.com\/wp-json\/wp\/v2\/posts\/296\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.awebtoknow.com\/wp-json\/wp\/v2\/media\/302"}],"wp:attachment":[{"href":"https:\/\/www.awebtoknow.com\/wp-json\/wp\/v2\/media?parent=296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.awebtoknow.com\/wp-json\/wp\/v2\/categories?post=296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.awebtoknow.com\/wp-json\/wp\/v2\/tags?post=296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}