Penetration Test

What is the penetration test (pentest)?

It is a systematic process aimed at identifying and highlighting the potential vulnerabilities present within an IT infrastructure.
The penetration test allows you to estimate the real degree of exposure of Devices, Systems, Applications and, above all, Company data, documenting the factors capable of compromising the confidentiality, integrity and availability of the resources in use.
The final purpose, therefore, is to gain awareness of the security levels and protection measures in use, so as to ensure the timely correction of all vulnerabilities that can expose the infrastructure to dangerous and violent cyber attacks, while also satisfying the legislative compliance defined, for example, by the GDPR.

Penetration testing is a systematic process of researching vulnerabilities in your applications and computer networks. It is essentially a form of controlled cyber-piracy, whereby “hackers devoted to the good side of the force” work in your favor to find, through specific tests, any kind of weakness that could be exploited by cybercriminals.

81% of reported intrusions are not detected by internal security processes, but rather by news, notifications from law enforcement agencies or fraud monitoring conducted by third parties outside the company.

But who is behind these violations?

92% Actors external to the organization
50% Organized criminals
28% Internal actors of the organization
12% Actors affiliated with States / Nations
2% Partners
2% Multiple actors involved

Malware

Software designed for the purpose of disrupting, damaging or gaining access to a system

Web-based attacks

Attacks that use web components as an attack surface, such as browsers, servers, browser extensions

Attacks on apps

Attacks against web applications and services, since they expose an API to web resources

Denial of service

Attack in which the intruder tries to overwhelm a server by exponentially increasing incoming traffic, with the aim of making it unavailable to other users

Botnet

Internet-connected devices used in large numbers to perform DDoS attacks, steal data, send spam, and allow access to devices and connections

Phishing

Emails that appear to come from real companies with the purpose of convincing people to reveal personal information, such as passwords and credit card numbers

Ransomware

Malware that holds data and computer systems hostage or threatens to reveal confidential data until a ransom is paid

Internal threats

Attacks that come from people inside the organization, especially those who have access to confidential information or IT systems

THE GUIDELINES FOR PERFORMING A PENETRATION TEST SHOULD BE BASED ON AN EVALUATION OF RELEVANT CRITERIA, INCLUDING TYPICALLY:

  • Following a serious breach at a similar organization
  • To assess the risk of compromise of critical systems and data
  • To comply with a regulation or standard such as PCI DSS and GDPR
  • To manage the risks associated with the use of a large number and variety of outsourced services
  • To ensure the security of new applications or significant changes in processes

PENETRATION TEST OF WEB APPLICATIONS

Detect security problems within a site or web application that could be exploited by a hacker, causing irreparable damage or data theft.

SIMULATED PHISHING TEST

Provide an independent assessment of staff susceptibility to phishing attacks and review your security awareness campaigns

NETWORK PENETRATION TEST

Track down security problems within your network infrastructure. The network penetration test is likely to scan your wired and wireless networks

The penetration test is designed to provide a focused and realistic assessment of the current state of security and the risks cybercriminals pose to your business.

INITIAL EXAMINATION

An evaluation of your systems, networks and applications to define the scope of the test.

EXPLORATION

Collecting information about your organization and how it operates. Automated scanning is used to identify potential flaws in the security system.

ASSESSMENT

Manual tests attempt to compromise the system environment and identify attack vectors for the entire network.

COMMUNICATION

Provides a report containing a summary of each identified flaw, analyzed on the basis of its potential for damage, reproducibility, exploitability and visibility

PRESENTATION

If necessary, a briefing session with your management team to illustrate the test results and analysis of the current security system.

REPEAT THE TEST

A further analysis of your system, in order to ensure that all security flaws have been successfully resolved

A penetration test carried out by IT Governance identifies, on average, for each report, 3 results at critical risk, 8 at high risk, 43 at medium risk.

CRITICAL

The threat could gain full control of the system or application or make it unusable for authorized users, using known methods and tools.

3

HIGH

The threat could gain full control of the system or application, or make them unusable for authorized users.

8

MEDIUM

The threat could gain full control of the application system, or make it unusable for authorized users

43

LOW

The threat could obtain information about the systems, which they would like to use to gain further access

11

81% of penetration testers say that attackers can identify and exfiltrate your data in less than 12 hours. 88% also declare that they can compromise a target in the same amount of time. It is therefore important to develop an effective penetration testing program by establishing well-defined objectives and identifying the environments that need to be tested. The requirements for a good penetration test must consider management applications, the core IT infrastructure and confidential data.

BENEFITS OF THE PENETRATION TEST IN THE COMPANY:

  • Allows you to assess the level of exposure of devices, systems, applications and business data
  • Highlights the risk of potential damage resulting from possible cyber attacks
  • Documents all security holes in the infrastructure in use
  • Safeguards the company's reputation regarding the safe storage of data
  • Raises stakeholder awareness of security responsibilities
  • Reduces the burdens (financial, legal, image, etc.) caused by a data breach
  • Guarantees high levels of protection, also satisfying the legislative compliance defined, for example, by the GDPR (Article 32 paragraph 1)

THE PENETRATION TEST – LAN & WAN

It represents one of the Security Services – L&W designed to highlight the degree of corporate security.

Implemented through the use of specialized tools and the manual action of real Ethical Hackers, it offers 4 types of attack (Attack Method) developed by the RED team of L&W Solutions to fully meet the security needs of IT infrastructures.

Each ATTACK PACK includes modules (PROCESS TYPE) specially packaged to provide results and security levels aligned to the needs expressed by companies.

The results of the tests provide detailed reports that clearly describe the types of vulnerabilities identified and used, the damage to which the infrastructure in use may be exposed and, finally, the actions to be taken to solve the problems identified.
