Penetration Test - Pentest
The Penetration Test (pentest) is a service performed by Information Security specialists that aims to anticipate the steps of a real attacker by attempting to exploit vulnerabilities in systems and applications, so that they can be remediated before they are used for malicious purposes. Such purposes include access to confidential information, denial of services that directly and indirectly support the business, and the hijacking of company data for ransom, among others, all of which generate a negative impact on the business.
By performing the Penetration Test, it is possible to simulate real attacks to understand how systems and applications behave in response to them, and to map existing vulnerabilities and correct them, reducing the attack surface available to malicious individuals.
There are basically 3 types of Penetration Tests. Each type has clear, defined objectives, relevant to different scenarios and needs:
- Blackbox: no information about the system or application is shared with the specialists performing the test, in order to get as close as possible to a real attack, simulating commonly applied discovery techniques and thus mapping the exposure of the tested system or application.
- Graybox: part of the information about the system or application is shared with the specialists performing the test, in order to optimize the time needed to map data flows, create user accounts, API endpoints, etc.
- Whitebox: all information about the system or application is shared with the specialists performing the test, with the objective of raising the accuracy with which existing vulnerabilities are identified and optimizing the time spent mapping the environment to perform the test.
Identify your application's critical vulnerabilities, understand how they can be exploited, and learn how to fix them!