
Penetration testing is a way for cybersecurity experts to test a system by simulating an attack. It involves intentionally trying to get past existing security, and it can help companies find out if their systems can withstand a hack.

If you’re reading about cybersecurity, the term penetration testing will come up as a way to see if systems are secure. What is penetration testing, though, and how does it work? What kind of people perform these tests?

What Is Pen Testing?

Penetration testing, often referred to as pen testing, is a form of ethical hacking in which cybersecurity professionals attack a system to see if they can get through its defenses, hence “penetration.” If the attack is successful, the pen testers report to the site owner that they found issues which a malicious attacker could exploit.

Because the hacking is ethical, the people performing the hacks aren’t out to steal or damage anything. However, it’s important to understand that in every way besides intent, pen tests are attacks. Pen testers will use every dirty trick in the book to get through to a system. After all, it wouldn’t be much of a test if they didn’t use every weapon a real attacker would use.

Pen Test vs Vulnerability Assessment

Penetration tests are a different beast from another popular cybersecurity tool, vulnerability assessments. According to cybersecurity firm Secmentis in an email, vulnerability assessments are automated scans of a system’s defenses that highlight potential weaknesses in a system’s setup.

A pen test will actually try and see if a potential issue can be made into a real one that can be exploited. As such, vulnerability assessments are an important part of any pen testing strategy, but don’t offer the certainty that an actual pen test provides.

Who Performs Pen Tests?

Of course, getting that certainty means that you need to be pretty skilled at attacking systems. As a result, many people working in penetration testing are reformed black hat hackers themselves. Ovidiu Valea, senior cybersecurity engineer at Romania-based cybersecurity firm CT Defense, estimates former black hats could make up as many as 70 percent of the people working in his field.

According to Valea, who is a former black hat himself, the advantage of hiring people like him to combat malicious hackers is that they “know how to think like them.” By being able to get into an attacker’s mind, they can more easily “follow their steps and find vulnerabilities, but we report it to the company before a malicious hacker exploits it.”

In the case of Valea and CT Defense, they’re often hired by companies to help fix any issues. They work with the knowledge and consent of the company to crack their systems. However, there is also a form of pen testing that’s performed by freelancers who will go out and attack systems with the best of motives, but not always with the knowledge of the people running those systems.

These freelancers will often make their money by gathering so-called bounties via platforms like HackerOne. Some companies—many of the best VPNs, for example—post standing bounties for any vulnerabilities found. Find an issue, report it, get paid. Some freelancers will even go so far as to attack companies that haven’t signed up and hope their report gets them paid.

Valea warns that this isn’t the way for everybody, though. “You can work for several months and find nothing. You will have no money for rent.” According to him, not only do you really need to be very good at finding vulnerabilities, but with the advent of automated scripts there also isn’t much low-hanging fruit left.

How Do Penetration Tests Work?

Though freelancers making their money by finding rare or exceptional bugs may sound a bit like a swashbuckling digital adventure, the daily reality is a bit more down to earth. That’s not to say it isn’t exciting, though. For every type of device there is a set of tests used to see if it can stand up to an attack.

In each case, pen testers will try to crack a system with everything they can think of. Valea emphasizes that good pen testers spend a lot of their time simply reading reports of other testers, not just to stay up-to-date on what the competition may be up to, but also to gain some inspiration for shenanigans of their own.

However, gaining access to a system is only part of the equation. Once inside, pen testers will, in Valea’s words, “try to see what a malicious actor can do with it.” For example, a hacker will see if there are any unencrypted files to steal. If that’s not an option, a good pen tester will try and see if they can intercept requests or even reverse engineer vulnerabilities and maybe gain greater access.

Though it’s not a foregone conclusion, the fact of the matter is that once inside there’s not much you can do to stop an attacker. They have access, and they can steal files and wreck operations. According to Valea, “companies aren’t aware of the impact a breach can have, it can destroy a company.”

How Can I Protect My Devices?

While organizations have advanced tools and resources like pen tests to safeguard their operations, what can you do to stay safe as an everyday consumer? A targeted attack can hurt you just as much, though in different ways than a company suffers. A company having its data leaked is bad news, for sure, but if it happens to people it can ruin lives.

Though pen testing your own computer is probably out of reach for most people—and likely unnecessary—there are some great and easy cybersecurity tips you should follow to make sure you don’t fall victim to hackers. First and foremost, you should probably test any suspicious links before you click on them, as malicious links seem to be a very common way hackers attack your system. And of course, good antivirus software will scan for malware.
