IT Examiner School, Providence, RI

Penetration Test (Pen Test)

Pen Test “tests”  systems to find and  exploit known  vulnerabilities that an  attacker could exploit

Determine if  there are 

Pen Test report  will describe any  weaknesses as  “high”, “medium”  or “low”

Require  management’s  knowledge &  consent

Require a high  degree of skill to  perform

weaknesses and  if able to access  system  functionality and  data

Are intrusive as  actual “attack”  tools are used

Pen Test Strategies

Targeted  Testing

External  Testing

Internal Testing

mimics an insider  attack by an  authorized user  with standard  access privileges  (what can happen  with a disgruntled  employee)

targets externally  visible servers or  devices (seen by  anybody on  Internet) to see if  they can get into  internal systems  and how far

performed by the  entity’s IT team and  external testing  team