Penetration Testing More mature than that of vulnerability assessment, the purpose of penetration test it so find as many vulnerabilities as possible and later exploit them to gain access to PII data, credit card numbers, other sensitive information and company trade secrets.

What is a Penetration Test?

Penetration testing is a process where our team would analyze, enumerate and exploit all known security vulnerabilities found on your systems or applications. Exploiting those vulnerabilities you will be able to understand the risk and the depth of that attack and thus will be able to prioritize those risks.

There are two known approach performing penetration testing, these are black-box and white-box approach, during a black-box engagement Nullforge team is only given very less information about the target system, it is part of our duty to expand that information and chain those attacks in order to achieve the goal of accessing sensitive information such as PII, credit card information and company trade secrets. In contrast the white-box approach are provided with handful of information making it easier for the testers gain access.

How Often do you need Pentest?

With technology rapidly evolving, frequency of performing a penetration test on your systems and applications should be in parallel with that rapid evolution. Whenever you deploy new system or application penetration testing should come next to recheck the security posture of the new deployment. Security testing or penetration testing is not a one time process, but should be part of the IT life-cycle whether it's hardware or software.

Types of Pentest

The type of penetration test heavily depends on the client's needs. Nullforge offers the following types of penetration tests.

Wireless penetration test, wireless access points and hotspots are everywhere, from malls, restaurants, coffee shops and even your company. Wireless technology has gained its popularity, this popularity has also exposed many of its vulnerabilities. The wireless penetration test will help you identify the security vulnerabilities that an attacker can exploit and use it to gain access to your internal network.

Web application penetration test, having a web application is your basic presence in the cloud and it is also the most vulnerable as this is publicly exposed to thousands of attackers, performing a web application penetration test will identify all attack vectors tied to the application, it could be a web application bug or the web server itself.

Mobile application penetration test, having a computer in your palm was revolutionary, to date, there 30 billion mobile app downloads in iOS upstream and 15 billion downloads in the Google Playstore. But did you know that these mobile applications are the sweet spots of attackers due to its lack of security? With mobile application penetration test your chances of exposing your internal infrastructure are minimized.

Network penetration test, your network is the heart of your company pumping thousands to millions of data per second, once an attacker gets hold of your network the plethora disruption is inevitable. The network penetration test is given a fresh set of eyes to identify the threat, risks and attack vectors that attackers will be able to use to exploit.