The goal of a penetration test (pentest), also called ethical hacking, is to examine the current security status of IT systems. By performing controlled attacks, a penetration test uncovers security flaws in a realistic way. The spectrum of tested systems ranges from simple online shops to complex company networks. The attack methods are also manifold and encompass everything from passive information gathering to targeted attacks from the internet and the identification of weaknesses that can only be detected on-site.
Adapting the penetration test to the customer's requirements guarantees its practical relevance for the client. For this reason, even before a client decides to work with RedTeam Pentesting, a preliminary meeting is held with potential customers to discuss how to organize their pentest for optimal results.
Pentesting - a Vital IT Security Tool
In almost every area where complex systems are used or developed, testing is a natural part of the development cycle. No car enters the road without a crash test, and no building is constructed without checking the building material for its suitability. However, business-critical IT systems and software are often introduced without any security tests.
The Company Network - a Development that Needs Testing
The deficit in many a company's network security is often the result of the misconception that only companies developing a product need testing. It is regularly overlooked that a company's network can be seen as a kind of internal product. Nowadays, many large organizations conduct pentests at regular intervals. This ensures that changes in their systems do not open new security holes and leave them vulnerable. An increasing number of smaller companies are also starting to realize that their development cycle lacks security tests, and are introducing them to check their IT infrastructure.
RedTeam Pentesting performs more than the classic network penetration test. Any IT product for which security is relevant can be tested. Typical examples are web applications such as online shops that are provided over the Internet to a large user base. This helps developers to complement their own product tests with RedTeam Pentesting's IT security know-how. More information is also available in the product test section.
A Pentest's Workflow
Although every pentest is individual, its workflow can be divided into four phases: reconnaissance, enumeration, exploitation and documentation. Reconnaissance denotes the information gathering before an attack. During the enumeration phase, attack vectors are identified, which are then exploited in the exploitation phase. In the documentation phase, as the name implies, all the steps necessary to reproduce the attack are documented, which is the basis for the detailed report customers receive at the end of a penetration test. These phases are repeated multiple times in a normal pentest, so that newly gained insights are included in the current analysis. More information about the different phases is available on the pages linked above.