Penetration Test
Penetration tests, known as penetration testing, is a consultancy service performed for IT (Information Technology) assets and used to detect cyber security threats beforehand. With the penetration test, it is aimed to reveal the vulnerabilities by testing the communications, connections and applications on these assets.
Penetration tests are carried out within predetermined scenarios for each asset type. The scope of the penetration test to be carried out with these scenarios, the way of progress, infiltration techniques, security devices and techniques to bypass products are determined. Penetration tests are performed on the basis of both national and international methodological approaches.
Pentest Pentest Service
Pentesting, also known as pentest service, is a cyber security consultancy service performed by experts and authorized persons in the field, in order to detect errors and vulnerabilities in information systems, to prevent exploitation of security vulnerabilities by malicious cyber attackers and to make systems more secure. The purpose of these penetration tests is to detect vulnerabilities and to show how authorized access can be obtained in the relevant system by using these vulnerabilities and what can result.
Penetration tests, which are based on national and international methodologies, are applied using the following three main methods.
Approaches Applied in Pentesting Pentest Service
Black Box: No information about the systems to be tested for penetration is given to the test team. It is expected to collect information and perform tests on a completely unknown system.
Gray Box: In this approach, information about the system is available. Many information such as IP address list, version information about the server system are provided in advance to the team that will perform the security test. Since the IP addresses for which control and testing are requested are certain, the possibility of unintentional damage to the system is also reduced.
White Box: The security testing team has full knowledge of the system itself and the additional technologies running in the background. Compared to the Black Box technique, it provides greater benefits to the institution and company. Since it will be easier to find errors and vulnerabilities, the time to take action against them will also decrease.