A penetration test (also known as a pen test or ethical hacking) is a fully-sanctioned hacking attempt that targets your organisation’s IT network infrastructure, applications and employees. The purpose of these tests is to identify security risks by actively attempting to exploit weaknesses in a controlled fashion. Information gathered during penetration testing allows you to proactively strengthen your organisation’s security practices.

Penetration tests usually fall into one of the following categories:

• Networks and Infrastructure  (Internal, External, Mobile Devices, Wireless)
• Applications (Mobile, Web, Web Service/API, Thick Client)
• Physical Security & Social Engineering
• Red Teaming (which encompasses any or all of the above)

A Vulnerability scan looks for known vulnerabilities in your systems and reports potential exposures, often forming part of information gathering for a penetration test. Penetration tests are intended to exploit weaknesses in the architecture of your IT networks, systems, and applications. They determine the degree to which a malicious attacker can gain unauthorised access to your assets. A vulnerability scan is typically automated, while a penetration test is a manual test performed by a security professional. Both elements are important, typically vulnerability scans are done on a more frequent basis and penetration tests on a less frequent basis

Penetration testing should be done for a number of  reasons, including:

• To uncover major vulnerabilities and prioritise your vulnerabilities into low, medium and high risks, then give you an opportunity to fix these vulnerabilities.
• To help you enforce your security strategy and identify any further security controls you need to implement if poor internal security processes are revealed.
• To show your security team in real-time how attack vectors impact the organisation.
• To give your organisation and team more confidence, with a new perspective on your network, application and data
• To help inform governance and compliance improvements, possibly as your organisation aligns with industry security standards
• To train your security team on how to better detect and respond to threats, while introducing newer security technologies
• To test your team’s ability to conduct remediation and incident reporting.
• To allow your team to optimise their incident response process
• To protect your most critical data
• To provide your management and leadership team with insightful reports
  To strengthen customer trust and loyalty by demonstrating your commitment to security

A Cognisys penetration test is well-coordinated, planned, documented and communicated. You will know what is happening and when. Our process is disciplined, repeatable and defined within our testing methodology and our ISO27001 controls.
Our approach and targets are customised to suit the unique environment and requirements of your business, for each individual test.

Our clear initiation, planning, testing, reporting and collaborative delivery process ensures accurate results and a clear understanding of the remediation process.

We use a blended approach to ensure our clients always have the most appropriate skillsets for all areas of the testing, providing the very best service at a fair price.