Every organization manages information for its daily operation. That information is commonly handled with tools running on computers, mobile phones, tablets, communication lines, etc. In any case, working with information carries a series of risks. What if our company were the victim of an information leak or suffered a denial-of-service attack? Faced with these threats, we have to analyze the systems that support the management of information in the company and assess the risks associated with their use, and that is where pentesting comes in.

Pentesting, or penetration testing, is the practice of attacking various environments with the intention of discovering flaws, vulnerabilities or other security weaknesses, in order to prevent external attacks on those computers or systems. In computer security there are different sectors: the Red Team and the Blue Team. The former is the offensive side of pentesting, and the latter is the defensive side.

In preparation for the pentest, a plan is made with a set of targeted attacks, depending on the technology used in the company and its security needs. For this, the auditors have methodologies, some specific to the technology or security standards that we want to implement, and others more general, which help them carry out the tests systematically. The scope is also set: which tests we want them to carry out and on which applications or services.

There are also different types of penetration tests:

▸ White box: The auditors have all the information about the systems, applications and infrastructure, so they can simulate an attack carried out by someone who knows the company and its systems.

▸ Gray box: The auditors have some information but not all.

▸ Black box: The auditors do not have information about our systems; in this case, the test simulates what a third-party cybercriminal would do.
