Penetration Testing is more than automated network scanning

Penetration testing is the security-oriented probing of a computer system or network to uncover the vulnerabilities that an attacker can actually exploit. The testing process involves an exploration of the all security features of the system in question, followed by an attempt to breach security and penetrate the system. The same methods and tools as a real attacker are utilised.

A penetration test goes beyond the automated process of network scanning. Network scans are non-intrusive inspections that evaluate your network perimeter security. They involve using multiple commercial and open source automated tools to fingerprint network entry points and scan for any known security vulnerabilities. They are the first step of a full Penetration testing process in line with industry best practice. Penetration testing takes the process further than simply revealing the vulnerabilities that might exist.

Scanning Technologies Used

Automated scanning tools form a crucial element of Penetration Testing. They are essential for producing thorough results in an acceptable timescale and budget. It is vital that testers invest in proven safe commercial tools rather than simply using freely available open source tools.

Note: Many security organisations that provide penetration testing services will claim to use custom tools and specialised procedures, but when pressed will retreat behind a barrier of secrecy – claiming that their methods are “confidential” or “proprietary” and so cannot be disclosed. This reaction generally means that there is no methodology, or that there are no custom tools whatsoever.

We use the following open source tools:

Graylion Security’s underlying methodology is a crucial factor in the success of a penetration test.

While a penetration tester’s skills need to be specialised for the job, the approach should not be. A formal methodology will provide a disciplined framework for conducting a complete and accurate penetration test while not restricting the tester from fully exploring their intuition.

Graylion Security use the OSSTM standard as a guideline when conducting Penetration Testing.

Read more

CISA2    CISM logo      CGEIT logo         crisc2

PCI logo            oscp            CISSP logo