Originally posted on https://www.bestructured.com/penetration-testing-part-1/
In the world of Cyber Security, there are obviously many technologies that one can use to fortify the lines of defense for their business or corporation. To a certain degree, depending upon how well these devices have been deployed and implemented, they should block any malicious traffic coming into your IT Infrastructure (such as malformed Data Packets, assuming that a combination of Firewalls, Network Intrusion Devices, and Routers are being used).
Then there are those tools that scan for any unseen vulnerabilities, or “holes”, in your lines of defense. Examples of these include Port Scanners, Network Sniffing devices, etc. Keep in mind that no matter how sophisticated these tools are, they will not be able to detect everything.
A Definition of Penetration Testing
This is where Penetration Testing comes in. In these exercises, your defense perimeters are examined in great detail from both the internal and external environments. It is only through this kind of exhaustive testing that all hidden vulnerabilities, weaknesses, and holes will be unearthed.
But in order to carry out such an exhaustive task, you need highly qualified individuals to form what is known as a “Penetration Testing Team”. In this regard, Penetration Testing can be defined as follows:
“Penetration testing — also known as pen testing — views your network, application, device, and/or physical security through the eyes of both a malicious actor and an experienced cybersecurity expert to discover weaknesses and identify areas where your security posture needs improvement . . . it also simulates a real-world attack to determine how any defenses will fare and the possible magnitude of a breach.” (SOURCE 1)
A Review of The Penetration Testing Teams
In today’s world of Penetration Testing, there is no set method for how the teams are actually organized. The number of Penetration Testers involved in a project will depend primarily upon three key factors:
1. The types of Penetration Tests that will be occurring;
2. The size of the business or corporation in question (this can be a direct function of employee size);
3. The complexity of the IT Infrastructure that is to be Penetration Tested.
For example, if the organization that wishes to have a Penetration Test conducted upon its premises is a small one, with fewer than 20 employees, one can assume that the IT Infrastructure is relatively simple.
Thus, in this particular instance, a complete Penetration Testing team may not be needed. Rather, just two or three Pen Testers may be enough to execute and complete the required tests, and to compile the report(s) which will summarize both the findings and recommendations.
In the next blog, we will examine how exactly the Penetration Testing Teams are structured, and how your business can benefit from them.
1) RedTeam. (2018, March 21). What Is A Penetration Test And Why Do I Need It? Retrieved from https://www.redteamsecure.com/penetration-test-need/