Once you’re sold on the benefits of penetration testing, all that’s left is to do the test, right?

If only it were that simple.

The reality is that, with the number of different types of penetration testing available, it can sometimes be difficult to choose the right one. Here’s some advice to help make that choice a little more informed.

When to test

First of all, we should say that pen testing should be a regular occurrence, to help mitigate ever-evolving cyber security threats.

We recommend carrying out a pen test at least once a year, with additional tests whenever you make significant business changes. (Check out our blog on when you should consider a pen test.)

Pre-considerations

Before you delve into the abundance of available types of penetration testing, it is worth considering a few factors:

Your desired outcome – Before embarking on a pen test, you’ll want to know what you want to achieve. That may be testing a particular system or application, simulating a real-life cyber attack on your business, or enacting another specific scenario such as an insider threat.

Your budget – Unless your budget is unlimited, you’ll want to focus your activity on the areas that are most likely to realise the maximum (or most important) benefit. That’s an obvious point, of course, but one that is well worth remembering before you make your choices.

Compliance – If your business is subject to certain compliance regulations, then these will naturally determine the types of penetration test that you undertake.

The types of test

There are multiple different types of penetration test, but the following are perhaps the most popular.

Network penetration testing – This assessment of both internal and external network infrastructure is designed to test on-premise and cloud networks, firewalls, system hosts and other devices such as routers and switches.

In an external test, a tester may, for example, try to breach your firewall or use maliciously obtained data to crack your password security.

An internal test may involve simulating an ‘inside hack’ from an employee or rogue contractor within your network.

Wireless penetration testing – Here, you will be testing your business’s WLAN and wireless protocols. This can help you to assess and identify threats such as rogue access points, weaknesses in encryption and other wireless vulnerabilities.

With simple tools to enable wireless hacking now readily available, even hackers of very limited skill can cause untold damage.

Application testing – Whether your applications are web or mobile based, pen testing can look for security flaws in them that can then be patched and fixed, preventing your organisation from succumbing to vulnerabilities within those applications.

Build and configuration testing – Reviewing your network configuration can help to identify weaknesses across your business estate to mitigate numerous security threats. That might range from network scope to operating systems used, availability of remote access and the number and variety of applications, services and devices you are using.

Choose the right tester

And of course, once you have chosen the type(s) of test you wish to conduct, it then becomes vitally important to find a provider with the required expertise to detect any latent vulnerabilities.

To speak to a Zen expert today about our penetration testing credentials, call us on 01706 902579 or email solutionsales@zen.co.uk