Penetration testing is often used as a catch-all for any type of security service performed by an organization.
A true penetration test involves three distinct stages that build upon each other: Scanning, Assessing and Penetrating. It is important to understand the differences to ensure a properly scoped and delivered service.
iTechWorks provides services around each of these areas.
Penetration tests do not need to be exclusively technological in nature. Additional types of tests include physical and social engineering evaluations.
Penetration testing options include black container, white container and grey container tests.
White container, or authenticated tests, target the security of your underlying technology with full knowledge of your IT department. Information typically shared with the tester includes: network diagrams, IP addresses, system configurations and access credentials. This type of testing allows for different ‘role-based’ testing, allowing for iTechWorks penetration testers to act as various individuals within, or connected to, an organization.
Black container, or unauthenticated tests closely represent a hacker attempting to gain unauthorized access to a system or IT infrastructure to obtain and exfiltrate data. Black container penetration testing evaluates both the underlying technology as well as the people and processes in place to identify and block real-world attacks. iTechWorks testers will not have prior knowledge of your organization and architecture.
Grey container testing lies between black and white. Testers will have knowledge of some areas but not others. These areas are defined before the start of an engagement with the aim to ensure adequate coverage and depth of testing whilst controlling time and budget requirements.