What Type of Vulnerabilities Does a Penetration Test Look For?
Penetration testing is becoming increasingly popular as organizations are beginning to embrace the need for stronger cybersecurity. But there are still too many businesses that don’t fully understand the benefits of regular security testing.
Pen testing is vital for any kind of organization with an IT system or website. A recent survey of penetration testers revealed that 88 percent of those questioned said they could infiltrate organizations and steal data within 12 hours. This shows that almost all businesses are likely to be vulnerable to attacks.
But many people do not know what a pen test involves – particularly the types of vulnerabilities that testing helps to identify. In truth, there are many different types of pen testing, and the results can depend largely on which type you have carried. In general, however, here are four of the most common vulnerabilities that a pen test can uncover:
-
Insecure setup or configuration of networks, hosts and devices
Open ports, weak user credentials, unsafe user privileges and unpatched applications are types of vulnerabilities that a hacker could use to compromise your systems. Unsecure network configurations are usually relatively easy to remedy (as long as you are aware that they are unsecure). However, with an organization’s security posture changing so quickly, it can often only take the addition of new devices or the use of new services to introduce added risks.
A good example of this is that more and more organizations are moving to the cloud and failing to check that their environments are secure. Authenticated vulnerability scans on on-premise and cloud networks are good at identifying basic issues, but human penetration testers spend extra time examining security from the outside. As criminals become more sophisticated in the techniques they use, it is human pen testers who are providing invaluable information (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/type-vulnerabilities-penetration-test/