Penetration testing (aka "ethical hacking") is a set of actions, performed by Certified Ethical Hackers from EASI, that will replicate malicious behaviors in order to check that your IT infrastructure or the defined scope is correctly protected and configured.
The test can be based on the white box or black box principles:
- White box means that EASI gets as much information as possible about the network beforehand.
- Black box means that EASI starts from scratch and performs more reconnaissance actions before starting the actual pentest.
Here is a non-exhaustive list of actions that can be performed during a penetration test:
- Vulnerability scanning
- Vulnerability exploitation
- SQL injection, XSS manipulation, URL manipulations...
- Social engineering
- Use of evasion techniques
- Password cracking / brute forcing
A detailed report will be provided after the test.
This report contains the flaws we were able to exploit / "circumvent".
For each weakness, you will also be able to check its exploitation status and our recommendations on how to fix it.
Last but not least, EASI also aims to point out weaknesses that we were not able to exploit during the penetration tests, but where unauthorized access may be gained over time. This is important because the time available for our test is limited, but malicious hackers have all the time in the world.
Every system can be compromised. It is just a matter of time and resources.