This is the process through which we will conduct your penetration testing:
Hacking is a five-step process:
- Reconnaissance: hackers gather info about your organization
- Scanning phase: hackers scan for open ports and other vulnerabilities
- Gaining access: hackers penetrate your network
- Maintaining access: hackers create backdoors or plant malware
- Clearing track: hackers hide evidence of their presence
Since the goal of penetration testing is to prevent hackers from attacking your network, penetration testers follows the identical five-step process when conducting penetration test.
However, because our intention is to help instead of hurt you, we carry out our penetration testing in three simple steps:
- Phase One: pre-engagement discussion of your requirements
- Phase two: conduct assignment
- Phase three: deliver report of findings
Listen to what our clients say about our service
Like a medical procedure that could go wrong, ethical hacking could go wrong even though it is well-intentioned.
To minimize the risk of negative impact on your network, we conduct the penetration testing in three phases.
Phase one: information gathering and scanning to identify vulnerabilities.
After phase one, we submit a report of the vulnerabilities we identify and advice on remedial measures.
At this stage, you could decide you wish to terminate the agreement and have your in-house cyber security team do the rectification.
You could also have us rectify them for you.
Phase two: access and exploitation phase.
In this phase, we will attempt to access your network just as a hacker would.
The aim of this phase is to see if your network is penetrable through the identified vulnerabilities.
At the end of phase, we will provide a comprehensive report outlining:
- The vulnerabilities we identified in your system
- The means of exploitation
- Recommendations for rectification
Phase three: if our initial agreement stipulated that we rectify those vulnerabilities, it is at this phase we will rectify them.
Phase four: most penetration testing assignments end after phase two.
Organisations without an in-house cyber security team allow the penetration testing firm to rectify the vulnerabilities they identified.
However, there is a fourth phase, which involves the creating of backdoors and planning rootkit to maintain access.
This phase carries a high level of risk.
Backdoors left open could be exploited by real hackers and rootkit is very difficult if not impossible to reverse.
This is the reason this phase has to be thought through carefully.
The nature of the organization could demand this level of penetration test.
That is literally the outlines of our penetration testing steps.
If you require further information about our process or if you desire recommendations on whether your organization even need penetration testing, please call +44(0)20 8798 0579 or email: help@thebusinesseducationcenter.com