Penetration testing is a method of quality assessment of information systems security. This method allows us to detect potential vulnerabilities and enhance security measures on their elimination.
Assessment of the IT infrastructure of the organization is not being easy due to its complexity and diversity. For the assessment of the IT infrastructure a set of 3 actions shall be used including a comprehensive periodic IS audit, regular analysis of the software vulnerabilities and penetration testing.
If the first two can be performed by the organization itself - by IS and IT engineers, then conducting the penetration testing requires special knowledge and skills. Therefore such testing may involve an outside company with the required experience and licenses.
Penetration testing is implemented by simulating malicious attacks from hackers, from outside and inside the protected perimeter. Testing can give us an independent assessment of the information infrastructure security, to reveal potential mistakes of system when configuring the software and hardware, or the absence of the security upgrades.
Penetration testing is carried out by the experts with high qualifications confirmed by international and national certificates in the field of information security.