Penetration Assessment

Penetration test (pen test, pentest or ethical hacking) is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.
 
The test is performed to identify both weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed. A penetration test can help determine whether a system is vulnerable to attack if the defenses were sufficient, and which defenses (if any) the test defeated.
E.D.G.E. Systems LLC Penetration Test Guidelines:
Security testing to identify/ exploit all weaknesses (known and unknown) in web applications:
        a. website security audit
            b. website penetration test
Detailed Documentation and Reports which will expose website security vulnerabilities. 

​The Need:

  • 52% of breaches featured hacking, 28% involved malware and 32–33% included phishing or social engineering, respectively. (Source: Verizon)
  • The average time to identify a breach in 2019 was 206 days.(Source:IBM)
 Picture
  • The average lifecycle of a breach was 314 days (from the breach to containment). (Souce:IBM)
  • 43% of breach victims were small businesses. (Source: Verizon)
  • Financial and Manufacturing services have the highest percent of exposed sensitive files at 21%. (Source: Varonis) 
  • 62% of businesses experienced phishing and social engineering attacks in 2018. (Source: Cybint Solutions)
  • 68% of business leaders feel their cybersecurity risks are increasing. (Source: Accenture)
  • 71% of breaches were financially motivated (Source: Verizon)
Common web-based applications that are often hacked:
  • shopping carts (Checkouts)
  • forms
  • login pages
  • dynamic content, etc.
  • Insecure web applications

Reasons

​Various sites and applications must be available 24/7 and provide a specific required service to their customers, employees, contractors and students. Certain Firewalls & Secure Socket Layers provide no protection against web application hacking, for the simple fact that access to the website must be made public. Web Applications often have direct access to backend data such as customer databases & control valuable data which are much more difficult to secure. Custom applications are more susceptible to attack because they involve a lesser degree of testing than off-the-shelf software. Hackers prefer gaining access to the sensitive data because of the immense pay-offs in selling the data.

​​© Copyright 2022 - All Rights Reserved - Edge Systems, LLC.