It’s science: a weak immune system, bacteria or malicious viruses can trigger diseases that weaken the human body. So we try to maintain a healthy diet and have regular check-ups to make sure that everything is normal. A computer system is not very different from us in this regard.
Cyber attacks are becoming more frequent, so it’s good to periodically test for vulnerabilities through penetration tests.
Why? Answers may vary:
- Finding weaknesses in infrastructure, in applications and among people in order to develop appropriate controls.
- Ensuring that properly functioning security measures have been implemented, as this provides assurance to senior management.
- Testing your applications that are at risk. You have to take into account that those who develop the software can make mistakes and create unsafe applications.
- Identifying new bugs in existing software and creating patches and updates to fix them. It’s good to know that even new updates may cause new bugs.
The penetration test looks for vulnerabilities, tests them and uses them to access the system. Most of the time, the test is over when it reaches this goal. This is a dangerous habit, since there could be other vulnerabilities that have not been assessed yet.
The vulnerability tests may also generate false positive results, a symptom that some existing control might not work properly.
The attack doesn’t always come from outside
Do not forget that attacks could take place in a different way, one that does not involve external protections. With social engineering, you can get direct access to internal structures. So the company should also protect against violations, intrusions and threats from within, such as improperly trained staff and disloyal employees. In addition, it would be good to perform the tests in different areas (office, wifi network for consultants, the DMZ, etc.) so as to create the right security configurations in every area and in every possible scenario.
Whenever a new infrastructure or application is installed or updated, vulnerability and penetration tests must be carried out immediately to make sure your system is protected and that the change has not introduced a new flaw.
Do you have an e-commerce site or a company website? Do you operate a corporate network that needs to be protected from external attacks? With EasyAudit, you can identify vulnerabilities to which you are exposed, and reassure your customers with the EasyAudit Checked label!