Data breaches can lead to both direct financial impacts (recovery costs, regulatory and contractual penalties) and indirect impacts such as damage to an organization’s reputation and image.
Penetration tests involve “attacks” on network or systems in order to discover security weaknesses or vulnerabilities. This provides a level of practical assurance that any malicious user will not be able to penetrate the system. Penetration tests are an important component of any comprehensive security audit.
White box penetration testing assumes that the testers are given all information about the targeted systems. Black box testing is useful in the cases where the tester assumes the role of an outside hacker and tries to intrude into the system without any privileged knowledge of its architecture or similar information.
To facilitate testing, Phirelight uses a specific subset of its testing methodology, as well as a set of proprietary scripts and manual procedures for analysis and interpretation of results from automated scans.
Phirelight will also work with organizations to conduct full knowledge attacks of their internal networks. During these tests, our “attackers” will have access to information regarding operating systems, application architectures, and possible source code. This type of testing, which would replicate the actions of a disgruntled insider/employee, provides the most effective view that leads to finding and addressing potential vulnerabilities.