Pen testing involves ethical hackers scaling planned attacks against a company's security infrastructure to hunt down security vulnerabilities that need to be patched up. Pen testing is part of a holistic security strategy.
After reading this article you will be able to:
Related Content
Subscribe to theNET, Cloudflare's monthly recap of the Internet's most popular insights!
Copy article link
Penetration testing (or pen testing) is a security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a computer system. The purpose of this simulated attack is to identify any weak spots in a system’s defenses which attackers could take advantage of.
This is like a bank hiring someone to dress as a burglar and try to break into their building and gain access to the vault. If the ‘burglar’ succeeds and gets into the bank or the vault, the bank will gain valuable information on how they need to tighten their security measures.
Penetration testing helps an organization discover vulnerabilities and flaws in their systems that they might not have otherwise been able to find. This can help stop attacks before they start, as organizations can fix these vulnerabilities once they have been identified.
Penetration testing can help organizations comply with data security and privacy regulations by finding ways that sensitive data could be exposed. This helps them keep data secure and private, ensuring no one sees sensitive data who should not be able to.
Penetration testing is also required by some data regulations. For instance, PCI DSS version 4.0, section 11.4, requires organizations to use penetration testing.
It is best to have a pen test performed by someone with little-to-no prior knowledge of how the system is secured because they may be able to expose blind spots missed by the developers who built the system. For this reason, outside contractors are usually brought in to perform the tests. These contractors are often referred to as ‘ethical hackers’ since they are being hired to hack into a system with permission and for the purpose of increasing security.
Many ethical hackers are experienced developers with advanced degrees and a certification for pen testing. On the other hand, some of the best ethical hackers are self-taught. In fact, some are reformed criminal hackers who now use their expertise to help fix security flaws rather than exploit them. The best candidate to carry out a pen test can vary greatly depending on the target company and what type of pen test they want to initiate.
Pen tests start with a phase of reconnaissance, during which an ethical hacker spends time gathering data and information that they will use to plan their simulated attack. After that, the focus becomes gaining and maintaining access to the target system, which requires a broad set of tools.
Tools for attack include software designed to produce brute-force attacks or SQL injections. There is also hardware specifically designed for pen testing, such as small inconspicuous boxes that can be plugged into a computer on the network to provide the hacker with remote access to that network. In addition, an ethical hacker may use social engineering techniques to find vulnerabilities. For example, sending phishing emails to company employees, or even disguising themselves as delivery people to gain physical access to the building.
The hacker wraps up the test by covering their tracks; this means removing any embedded hardware and doing everything else they can to avoid detection and leave the target system exactly how they found it.
After completing a pen test, the ethical hacker will share their findings with the target company’s security team. This information can then be used to implement security upgrades to plug up any vulnerabilities discovered during the test.
For web applications, these upgrades can include rate limiting, new WAF rules, and DDoS mitigation, as well as tighter form validations and sanitization. For internal networks, such upgrades could include a secure web gateway or moving to a Zero Trust security model. If the ethical hacker used social engineering tactics to breach the system, the company may consider better educating their employees, or examining and upgrading their access control systems to prevent lateral movement.
Cloudflare secures companies' applications, networks, and people with a combination of web application security solutions and a Zero Trust security platform.