Penetration Testing

The concept of “Penetration Testing” means different things to different people. Traditionally, a Pen Test is the attempt to infiltrate an organization’s infrastructure from the outside world (i.e., through their firewall).

However, this is not always the case – often, “Pen Tests” are nothing more than a vulnerability scan. Vulnerability Scans lack the human decision-making process that drives the most successful attacks, and cannot be used as a measure of true risk (although they are important).

Although Vulnerability Scanning is a part of WireHead’s Pen Test, we do not rely on this data alone to identify real “risk”; rather, we perform a custom mix of “passive” and “active” penetration testing methods, driven by human interaction.

WireHead’s Pen Testing services are custom-made for each engagement, regardless of your industry and deployed technologies. We have three basic types of Pen Tests:

Black Box Test
A “Black Box” Pen Test is a penetration test where the target organization reveals no information to our consultants, nor do we reveal the exact time and methods of intrusion to be used. This can often be a good measure of what an attacker at that point in time could likely gain access to, but is not always a valid measurement of risk.

White Box Test
A “White Box” Pen Test is where both parties exchange all information about the target environment, and all testing times and methods are revealed to the client. A White Box test, although ensuring that all resources are tested, is also not always a valid measurement of risk, as certain information would not normally be available to a potential attacker.

Grey Box Test
A “Grey Box” Pen Test (our preferred method of testing) is a combination of the above black and white box testing. Relatively little information is exchanged about the target environment, but we keep the client in the loop and exchange information as necessary, often allowing us to understand the associated risks between various network endpoints and services.

All of our Pen Tests are comprehensive and well documented, and include a “Passive Assessment”, whereby data about the target environment is collected passively (i.e., without sending a single packet to the target network) and a relative risk profile is calculated based on the amount of information leakage from the target organization.

We have found that the data from the Passive Assessment has a significant correlation to the real risk determined after performing any of the active testing methods.