It’s a bit cliché as a plot: A company hires burglars to break into their business to test security. Well, it isn’t just fiction, real companies do it all the time, it’s called penetration testing or pen test, for short. Sounds strange, yes, but only by attacking it can you know that your website security is working and to see vulnerabilities so you can protect against future attacks.
Types of Pen Tests
External testing targets the web assets that are visible to the world, including your website, email and domain name servers (DNS), with a simulated hack that attempts to extract data or shut you down.
Internal testing simulates the “inside job”, where an employee or someone else with access (say, someone who stole credentials) assists a malicious outsider to get past your firewalls and other security features.
Blind testing gives a simulated intruder the name of business being targeted, allowing electronic security personnel to watch a real application assault as it happens.
Double-blind testing takes it a step farther; by not telling the security staff that an attack is imminent, they’ll react as if under actual attack, with no notice that might let them reinforce their defenses.
Targeted testing is very valuable; by allowing the simulated hacker and security personnel to operate together and communicate about the attack, the security team not only sees the attack, they see it from a hacker’s point of view, receiving real-time feedback on how they’re responding.
Of course, nothing in technology is static. As hackers get more sophisticated, the security community responds with new defenses. The bad guys need to develop new weapons to beat new defenses, and they do. Facet Web Tech offers on-going monitoring services to make sure your defenses stay ahead of their weapons.
Vulnerability Consulting Services
It sounds so much nicer than, “We break into your website,” but that’s what we do, if we can. Contact Facet Web Tech today to schedule a security consultation. If the bad guys already got to you, Facet has a cleanup team that can put you back together again while we work to prevent future attacks. We have all the tools to determine your vulnerability level and to provide a course of action to ensure that your website remains as safe as possible.