keep calm and let the ethical hacker handle it
Penetration testing is commonly referred to as a ‘pen test’ or ‘ethical hacking’.
In simple terms it is a simulation of the process a hacker would use to launch an attack on a business network, attached devices, network applications, or a business website.
The purpose of the simulation is to identify security issues before hackers can locate them and perform an exploit.
Penetration testing works by intentionally allowing a controlled breach of the network, systems and security. It is not recommended that this service should be performed by any company located outside of Australia.
What colour hack do you choose?
There are different methodologies to penetration testing. The three most common are colour-coded as black, white or grey.
Black Box Test
A Black Box penetration test is when the hacker is not provided with any information about the network. This type of test requires comprehensive network exploration to determine the best way to organise a simulated attack. Black box penetration testing is a more realistic simulation of an attack on a network. This method is used by businesses that want to stay on top of what hackers can do within a very short period of time.
White Box Test
White Box penetration testing occurs when the hacker has available to them all the data and information associated with a network and its architecture. This type of pen test is more like an audit and provides a comprehensive approach to security testing. This form of pen testing is used by businesses that want to ensure every single aspect of their network is as secure as possible.
Grey Box Test
Grey Box penetration testing is when the hacker is provided with all internal information for a network including technical documents, user privilege credentials, and more. Based on the internal information collected, a highly sophisticated network attack can be launched to determine what can happen when hackers gain access to sensitive information. Grey Box pen tests are a common approach that provides detailed security testing that takes place over a shorter period than the more involved process of White Box pen tests.
Other network monitoring tests such as intrusion detection, packet sniffing, and other methods are also often deployed to determine the status of network security.
MobileCorp penetration testing professional service
Penetration testing is a security specialism. MobileCorp works with leading Australian-based security vendors like Zirilio to offer penetration test management as part of a broader security audit or network assessment; or as a standalone service.
MobileCorp works only with Australian-based vendors who hold the following certifications:
- AS/NZS ISO/IEC 27002:2006 – Code of practice for information security
- AS/NZS ISO/IEC 27001:2006 – Specification for information security management systems
- AS/NZS ISO 31000:2019 – Risk Management – Principles and Guidelines