Penetration testing can be defined as a hacker, malware or attack simulation tests that aim to measure the level of security and prevent the identified risks of an institution/organization against the cyber attacks before they occur.
Tests are performed by security experts that called white hat hackers, who specially trained in this area of expertise. After the completed, the risks resulting from the work are presented in a technical language that is suitable for the staff of Information technology, and it is also presented in the content and the format that the management can interpret and decide.
Types of tests are;
External Penetration Tests: Identify and exploit vulnerabilities on systems, services and applications exposed to the Internet
Internal Penetration Tests: Emulate a malicious insider or an attacker that has gained access to an end user’s system, including escalating privileges, installing custom crafted malware and/or exfiltrating faux critical data
Web Application Assessments: Comprehensively assess web or mobile applications for vulnerabilities that can lead to unauthorized access or data exposure
Wireless Technology Assessments: Assess the security of your deployed wireless solution, be it an 802.x, Bluetooth, zigbee, or others
ICS Penetration Tests: Combine penetration testing and exploitation experience with ICS expert knowledge to prove the extent an attacker can access, exploit or otherwise manipulate critical ICS/SCADA systems