Penetration Testing is the process of evaluating information security measures, such as computer systems and networks. These tests evaluate the security systems and the likelihood of attacks from hackers. The aim is to find potential risks to security, buy discovering ways in which others may be able to gain access and cause problems. Penetration testing effectively looks for hardware and software weaknesses. Software, internet connections and password protected areas of websites and databases are examples of the areas that are tested.

Penetration testing companies will look at the likelihood of attacks taking place and how these attacks may be attempted. They will then attempt to break through the security barriers to expose any weaknesses, as this will show any security risks. This can be done either manually or by using specialist software and the testers will act as a hacker might.

After a test has been completed anything that could results in illegal access to sensitive information would have been found, therefore making it known to the organisation in question who can then resolve these issues. Anything that can lead to financial gain by hackers with then be able to be prevented. It is important to establish potential risks to a business or organisation. Discovering areas that others could benefit from via illegal methods and any areas of vulnerability mean that extra steps can be made to ensure a high level of security.

There are a number of reasons why penetration testing can be important, or put another way, many problems that can occur if it has not been done. Insufficient security systems can result in possible financial loss either to the organisation itself or to their users or customers. Sensitive information could be broadcast to those it shouldn’t be. Both these can lead to a damaged reputation and a lack of trust or, in the worst case scenarios, legal disputes.

Most large organisations will use penetration testing companies as they are experienced in the field and organisations can therefore be confident that they will find any vulnerabilities. They have the necessary experience and software to expose problems that could potentially occur. It is very difficult to know of every possible attack so penetration testing can be crucial in establishing these, including those which may not be obvious to the organisation itself.

Penetration testing is important for anyone who stores sensitive information on information systems, with government organisations being a good example. Anyone who deals with personal information needs to be aware of security dangers. Banks and other financial institutions, or anyone else who deals with large amounts of money, are others who will usually consider penetration testing. The only way anyone can be sure there are no security risks is if they have had their entire security system assessed and then made adjustments as necessary.

Andrew Marshall (c)