Internal penetration test

 

Penetration tests enable you to measure the exposition of your company, your applications and your networks, to cyberthreats, and thus to implement actions to reduce the identified risks. Whether internal or external, on all or on parts of your information system, this security test relies on the simulation of malicious acts which could be tried by a third party.

What is an Internal Security Test – IST?

An internal penetration test is also called Internal Security Test (IST). During these tests, our security experts sign in to the application or information system they need to audit, as could an employee or legitimate partner. Once connected, our experts test the application in order to try and find one or several vulnerabilities, aiming at the bypass of your security system, the exploitation of these vulnerabilities, and the theft of sensitive information. These tests are usually made using the “grey box” approach.

What is grey box testing?

During grey box testing, our security experts are authenticated on the application through a user account similar to the ones of your employees for instance. They are different from black box tests, where neither accesses nor information are provided to the pentester.

Why do an Internal Security Test?

Almost 80% of intrusions come from inside your ecosystem, these incidents being either voluntary or the result of negligence or misreading. That is why this internal threat has to be taken into account: too often forgotten by companies, it is however a major element to protect a system against.

When is the Internal Security Test needed?

A penetration test can be done at any time during your information system’s life cycle, in order to evaluate its security level. However, we advise you to do a security test before the production launch. Indeed, by correcting the vulnerabilities before the launch, you expose a secure platform and don’t give hackers¬†a chance to compromise it!

 


NBS System’s expertise in IT security

years of experience

penetration tests

+ 250 clients in IT security

Creator of CerberHost

Creator of Naxsi