Penetration Testing

From Glitchdata
Jump to navigation Jump to search
  • PenTesting can identify security vulnerabilities but cannot ensure information policy compliance.
  • Important to clearly define the goals and objectives of the test.
    • Also important to define the scope, and constraints.
  • Best done after change in system infrastructure - which would most likely inadvertently introduce new exposures.
  • Adequate backup procedures are in usually in place. Special backups should not be necessary.
  • PRIMARY area of interest is the network
    • Network mapping
    • Customer Data is next after network compromise.
  • Penetration Testing is the best way to assure that perimeter security is adequate.