What is a penetration test?

A penetration test is a technique used to evaluate the security of an organization's resources and assets from the point of view of security, it allows to identify existing vulnerabilities in the infrastructure and also to carry out a more in-depth analysis. A penetration test also looks for the exploitation of vulnerabilities allowing to observe the real impact on the organization.

Penetration testing basically simulates a cyberattack on a computer system, helps to discover points of exploitation and to test if there are security breaches in the infrastructure.

Types of penetration tests

  • Penetration testing of network infrastructure.
  • Penetration testing of web applications.
  • Wireless network penetration tests.
  • Physical penetration tests.
  • Social engineering tests.

What are the objectives of a penetration test?

  • Identify the security status of the organization, systems, infrastructure or host at a given time.
  • Analyze your company considering the point of view of an attacker, identifying vulnerabilities and possible unauthorized access points.
  • Know the true impact of vulnerabilities.
  • Check if the level of security or level of protection that exists is appropriate to the security policy of the organization.
  • Check the protection measures, policies and processes for the detection and prevention of intruders, as well as the response to security incidents.

Why should a penetration test be performed?

  • Know the security status of the organization.
  • Establish a starting point to begin managing the security of the organization.
  • Build a review and improvement cycle for security.

Reports

This service offers two deliverables:

  • Executive report: this report describes the risk level of the company without mentioning technical details, only highlighting the problem through well-defined concepts and graphs.
  • Technical report: this report is aimed at IT staff, with the aim of helping to solve the problems detected, the evidence of the tests carried out, the findings are detailed and the processes and mechanisms necessary to lower the level of risk and remedy detected vulnerabilities and security gaps.