Penetration Testing will simulate a threat actor on a predefined scenario regarding his standpoint and level of knowledge towards the target systems/networks.
Typically, the attack simulation is performed either from the internet towards the external perimeter of the target or from the internal network that effectively simulates a malicious employee, vendor or even an already compromised system that is used as a foothold by the attacker.
The approach is goal oriented and aims to demonstrate the maximum impact of a successful cyber attack that could allow a third party to obtain unauthorized access to the data served by the target systems with respect to the confidentiality, integrity and availability of the latter.
The objectives of a Penetration Testing are:
The Penetration Testing is conducted using industry-leading tools and manual penetration testing techniques that aim to identify and exploit both known and unknown software flaws, misconfigurations and operational/control weaknesses while focusing on an in-depth coverage.