Unlike a vulnerability assessment, penetration testing simulates the actions of an attacker whose goal is to compromise your organization and its systems. Using several vetted cyber security tools and techniques, we attempt to exploit critical systems and gain access to your sensitive data. Depending on the scope, a pen test can expand beyond your network to include social engineering attacks or physical security tests.
The typical 38North pen test involves an active analysis for potential vulnerabilities that could result from poor or improper configuration, known and unknown software/hardware flaws, and operational weakness in process or technical countermeasures. The analysis is carried out as if we are hackers, and it involves the active exploitation of vulnerabilities that could compromise your cyber assets. We will remain vigilant during the testing so as not to delete any live data, and we make every attempt not to disrupt current operations. Our pen testers also won’t perform any denial of service attacks on your organization.
At the conclusion of the testing, we provide our analysis on your organization’s exploitable vulnerabilities, along with recommended strategies for remediation. We also work with you to examine the merits of these strategies in accordance with your organizational risk tolerance, available budget and effectiveness of remedial measures in minimizing further exploitation.
Choose your type of penetration test:
- White box: Uses vulnerability assessment results and other pre-disclosed information to perform the test(s).
- Black box: Performed with very little knowledge of the target system, leaving the tester to perform his/her own reconnaissance.