A number of free and professional Internet Security Testing Services are available here at HackerTarget.com Online Security. These range from easy-to-use online port scanners to simulated hacker attacks by experienced security analysts.
Testing is made available through the 12 different Vulnerability Scanners we have online for automated testing. Additionally, Professional Vulnerability Assessment Services are available for those who need someone with a little know-how to have a dig at their systems.
Comparing Vulnerability Scanning, Assessments and Penetration Testing
Many clients request a Penetration Test when they are essentially after a Vulnerability Assessment. So what is the difference between a vulnerability scan, a vulnerability assessment and a penetration test (pentest)?
Vulnerability Scanning is the use of security testing tools (vulnerability scanners) to perform an automated scan against a target system, web page or network. The results from this type of testing are often technical in nature and can be prone to false positives and/or false negatives.
Different tools perform different security testing functions; network scanners, web application scanners and database scanners are all available. Some of the best are focused tools that detect one specific class of vulnerability.
Vulnerability Assessment is performed by an experienced security practitioner who uses a combination of automated vulnerability scanning tools and manual testing techniques to assess the security of the target server, web site or network. Typically this will involve a manual review of the target, so that the automated tools are used in the most efficient and accurate way.
Results from the automated scans are then reviewed and systems can be manually tested to confirm the presence of any security vulnerabilities. This manual interaction significantly reduces the false positives. Finally, a report is compiled that outlines the most significant issues along with remediation advice on how to resolve the issues discovered.
Penetration Testing (pentest) is similar to a vulnerability assessment; however, it goes a few steps further. Usually the scope will be wider, in that other aspects of an organization's infrastructure or processes may be within the scope. For example, client systems may also be in scope: malicious exploits could be sent to employees to gain access to the client desktops, allowing access to the internal systems through this popular attack vector. Another example may be that after the discovery of a SQL Injection flaw, the injection is exploited to extract information from the database.
The goal of a penetration test will be to gain access to internal company data or systems. Rather than just identifying vulnerabilities, it will involve actual exploitation of the vulnerabilities, so that further exploitation is possible.
The purpose of going deeper into the attack process is to enable the client to develop a better understanding of the risks that they face from the vulnerabilities within the organization's systems and processes.
HackerTarget.com generally recommends a vulnerability assessment as the type of test that will provide the most value to the majority of clients. By having a vulnerability assessment performed, the client gains an immediate understanding of how their security looks from the perspective of an external attacker. They can then work to resolve any discovered vulnerabilities and, by understanding the state of the systems, are able to get on with business without that nagging worry.
Clients who are potentially under threat of more targeted attackers will sometimes take the next step and have a penetration test performed. This will often be a follow-up test engagement after a vulnerability assessment has been performed and remediation undertaken.



