It is a method to assess the security of a computing system or network, by means of an attack simulation.

Penetration tests can be

  • Internal: the simulation requires that the attacker has physically access to the organisation’s facilities or has an in-depth knowledge of the structure and of the company’s organization
  • External: the simulation requires that the attacker is an external person with a limited knowledge of the target systems

Identification of the largest possible number of vulnerabilities and configuration errors related to systems and applications that might affect the security level of the entire infrastructure.

After the testing, the working group that performed the tests, will provide the customer with a document containing the description of the vulnerabilities found and the recommended solutions in order to ensure network security.

The security probe is divided into several phases, each of which is focused on different areas of the IT infrastructure.

Progressively, vulnerabilities existing in the attacked systems are identified and exploited, collecting more information and authorizations with regard to a “privilege escalation” mechanism.

Before the start of the activities, signs a NDA (non-disclosure agreement) to ensure its commitment not to disclose data which may come in possession of during its activity.

Penetration tests are performed trying to minimize the impact on the efficiency of systems subject to activities.