Introduction to Penetration Testing

Over the past years we have been hearing in the news about Denial of Service attacks on high profiled companies like Yahoo, Microsoft, Twitter and so on. We have also been hearing that hacking attacks and website defacement are becoming more frequent and are happening to thousands of companies worldwide. Time has come for us to protect ourselves from everyone out there be it our company rivals, the seasoned hacker or just the teenager down the road.

We need to protect our company’s infrastructure like we do with our homes and personal property. Two to three decades ago, people would be quite happy to leave their houses and cars unlocked, and even doors to their houses left wide open due to low crime levels. Time is constantly evolving and the world is becoming a much more worse place to live and work in. To better protect your Network/Web Applications you need to know about current and past vulnerabilities and patch all equipment as soon as vulnerability patches are made available.

However this alone will not protect you. Everyone is human and we all make mistakes. Whether it’s granting full access permissions to a server by accident, to not setting a password on the administrator account because it makes life easier for us to manage. No matter how much patching you do to your environment; the systems can still be vulnerable to attack. This is where Penetration Testing comes in.