Every organization manages information for its daily operation. It is common for tools to be used for its treatment on computers, mobile phones, tablets, communication lines, etc. In any case, working with information carries a series of risks. Faced with these threats, one have to analyze the systems that support the management of information in the company, crest penetration testing methodology, to assess the risks associated with its use.
To facilitate this work, there are a series of methods and tools that allow an analysis known as a penetration test, intrusion test, pen test or pentesting to be carried out .
A pentesting is a set of simulated attacks directed at a computer system with a single purpose: to detect possible weaknesses or vulnerabilities so that they are corrected and cannot be exploited. These audits begin with the collection, in open access sources, of information about the company, employees, users, systems and equipment. It continues with an analysis of vulnerabilities that will be exploited, even with social engineering techniques, attacking the systems until they achieve their objectives. Finally, a report is made that indicates if the attacks would be successful, and if so, why and what information or access they would obtain, that is, attacks are simulated as would be carried out by a cybercriminal who wanted to take control of the system or with the information contained therein. In this way, it can be determined:
- whether the computer system is vulnerable or not,
- assess whether your defenses are sufficient and effective, and
- assess the impact of the security flaws that are detected.