A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, service and application ﬂaws, improper configurations, or risky end-user behaviour. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as, end-user adherence to security policies.
Penetration tests are typically performed using manual or automated technologies to systematically compromise servers, endpoints, web applications, wireless networks, network devices, mobile devices and other potential points of exposure. Once vulnerabilities have been successfully exploited on a particular system, testers may attempt to use the compromised system to launch subsequent exploits at other internal resources, specifically by trying to incrementally achieve higher levels of security clearance and deeper access to electronic assets and information via privilege escalation.
Information about any security vulnerabilities successfully exploited through penetration testing is typically aggregated and presented to IT and network systems managers to help those professionals make strategic conclusions and prioritize related remediation eﬀorts. The fundamental purpose of penetration testing is to measure the feasibility of systems or end-user compromise and evaluate any related consequences such incidents may have on the involved resources or operations.
Penetration testing should be performed on a regular basis to ensure more consistent IT and network security management by revealing how newly discovered threats or emerging vulnerabilities may potentially be assailed by attackers. In addition to regularly scheduled analysis and assessments required by regulatory mandates, tests should also be run whenever:
Using Core Impact for Penetration Testing
Core Impact is the most comprehensive solution for assessing and testing security vulnerabilities throughout your organization. Core Impact is the only solution that empowers you to replicate attacks that pivot across systems, devices, and applications, revealing how chains of exploitable vulnerabilities open paths to your organization’s mission-critical systems and data.
Core Impact gives you visibility into the effectiveness of your endpoint defences and reveals where your most pressing risks exist across your network. This enables you to evaluate your organization’s ability to detect, prevent, and respond to real-world, multi-staged threats.
Core Impact simplifies testing for new users and allows advanced users to efficiently execute common tasks. This saves significant time versus manual testing, while providing a consistent, repeatable process for testing infrastructure. It has Multi-Vector Testing Capabilities to test for exploitable vulnerabilities across Network, Web, and Mobile.