Entsecure | Penetration Testing
We will explore how penetration testing should be done and why it is so important to your organization.
Why Penetration Testing
It’s an Investment in the Future! Investing in penetration testing is an investment in the future success and longevity of your business. In an era where cybersecurity threats loom large, businesses can't afford to take chances. Choose security. Choose resilience. Choose penetration testing for a safer, more secure future.
Penetration Testing Types
We categorize penetration testing into three types:

Black box testing simulates an attack from an outsider's perspective, with little or no prior knowledge of the target.

White box testing involves a comprehensive examination of a target system or network with full knowledge of its internal workings, architecture, and source code.

Gray box testing, also known as hybrid testing, combines elements of both black box and white box testing approaches, where testers have only partial knowledge.

Penetration Testing Lifecycle
                                                                                                        
Pre-engagement: defining the scope of the pentest, establishing goals and objectives, and obtaining the necessary permissions and authorizations.

Reconnaissance: identifying the mechanisms or working components of the target system.

Threat mapping: after the overall working process and components of the target are identified, each of them is mapped to its corresponding potential threats.

Exploitation: each threat mapped in the previous stage is simulated in this stage to assess its visibility.

Reporting: once all evidence is acquired, the tester creates a detailed report containing proof of concept and recommendations.

Remediation: developers patch the vulnerabilities found in the report within the given time range.

Regression Test: after the patches are implemented, the tester ensures that they are sufficient to defend against the same attack.

Final report: finally, the pentester updates the initial report to provide evidence that the developer has successfully patched the vulnerabilities.

Penetration Testing Standards
                                
We used international standards to maintain consistent results.
