What is Penetration Testing?

Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders and/or malicious insiders to identify attack vectors, vulnerabilities and control weaknesses. It involves the use of a variety of manual techniques supported by automated tools, looks to exploit known vulnerabilities, and uses the expertise of the tester to identify specific weaknesses in an organisation’s security arrangements. Penetration testing is often confused with Vulnerability Assessment.

Support and Guidance
CREST has produced a guide designed to enable organisations to prepare for penetration tests, conduct actual tests in a consistent, competent manner and follow up tests effectively.  It provides practical advice on the establishment and management of a penetration testing programme, helping organisations to conduct effective, value-for-money penetration testing as part of a technical security assurance framework.   You can download a copy here.
CREST Guide to Penetration Testing

CREST has also developed a suite of maturity assessment tools to help assess the status of a penetration testing programme on the industry standard scale of 1 (least effective) to 5 (most effective).  You can read further advice and download a copy of the tool here:
CREST Penetration Testing Maturity Assessment

You will also find a selection of videos covering penetration testing on our YouTube Channel:
