1. What is penetration testing ?
This is the process using experienced experts, certified by professional organizations, to perform simulation attack into system aim to identify and fix vulnerabilities before they were detected and exploited by hacker.
2. Why need to perform penetration testing ?
Penetration testing help companies mitigate/prevent risks, include:
• Prevent to lost revenue (due to hacker, insider, or unreliable system or business process)
• Protect company ‘s reputation and customer ‘s trust in company ‘s brand
• Identify security holes, quantified impact and risk to help company have positive response, expected resource for information security
3. Which kind of system and application could be performed penetration testing ?
All of components (device, application, personel,…) in company related to store and process information could be tested, such as:
• Operating System, Application, Database, Network device,…
• Company Website, Web-based application
• Perimeter Network (Firewall, IPS, Router,…)
• Internal Network (Sharing Resource, Open Ports, Passwords,…)
• Wireless Network
• Social Engineering
• Physical Access