It is science: a weak immune system, a malicious bacterium or a virus can trigger illnesses that weaken the human body. So we try to maintain a proper diet and run periodic tests to make sure everything is normal. An IT system is not very different from all this.
Vulnerability Testing
Cyberattacks are increasingly frequent, so it is wise to perform periodic vulnerability tests and penetration tests.
Why? There are several answers:
- Find weaknesses in infrastructure, applications and people in order to develop appropriate controls.
- Make sure security measures have been implemented and work correctly. This provides assurance to senior management.
- Test the highest-risk applications. Software developers can make mistakes and create insecure programs.
- Discover new bugs in existing software and create patches and updates to correct them. It is worth knowing that these updates can also cause new bugs.
The penetration test looks for vulnerabilities, tests them and exploits them to access the system. Often the test is stopped when this objective is reached. That is dangerous, because there may be other untested vulnerabilities.
Vulnerability tests may also produce false positives, a sign that some existing control is not working correctly.
The Attack Does Not Always Come from Outside
We must not forget that an attack can take a different route, one that never touches the external protections. Through social engineering, an attacker could gain direct access to internal structures. The company should therefore also protect itself against breaches, intrusions and internal threats, such as inadequately trained staff and disloyal employees. It is also advisable to perform tests in different zones, such as the office, the Wi-Fi network for consultants and the DMZ, in order to create correct security configurations for every environment and scenario.
Whenever a new infrastructure or application is installed or updated, vulnerability and penetration tests should be performed immediately to make sure the system is protected and the change has not introduced a weakness.
Do you have an e-commerce site or a company website? A corporate network to protect from external attacks? With EasyAudit you can identify the vulnerabilities you are exposed to and show your customers the EasyAudit Checked seal!
Want to know how exposed your website is?
EasyAudit WEB checks websites, portals and e-commerce with a professional external audit designed for SMEs.