Pratum Blog

Penetration testing explained.

Penetration testing may be complicated in practice, but conceptually it is simple to understand. Basically, pen testing is the act of hacking a system to better understand its security weaknesses. In doing so, an organization gains the information needed to begin strengthening or repairing its system(s). This infographic is designed to provide an overview of the penetration testing process, offering a simplified glimpse into a complex process.

Penetration Tester

Hack

Armed with intel gathered from social engineering and vulnerability scanning, the penetration tester begins bombarding the web application (or infrastructure or wireless system) with hacking attempts.

Gather

Throughout the penetration test, information is gathered and risks are identified.

Get Results

The results of the penetration test are prioritized and compiled in an executive report. Risks are labeled and described, and a proposed solution is provided.

Remediate

The report is used by the IT team to guide the subsequent risk mitigation process. At this stage, IT staff members and developers work to resolve high- and moderate-risk findings.

Validate

Following the attempt to fix the issues found in an external test, the penetration tester will validate the remediation efforts. This process will confirm whether or not the remediation was successful.

  • Validated Input
  • Secure Authentication
  • Correct Security Configuration
