All development follows the same steps: design – production – testing.
For connected IT products, the testing step includes penetration testing, also known as pen-testing, where the system is scanned for known vulnerabilities and also exposed to more sophisticated "attacks".
The purpose of penetration testing is to reduce the risk of a breach happening and limit the damage if a breach were to happen.
Types of vulnerability and penetration testing
There are many different forms of penetration testing, depending on what solutions are being tested.
Network and infrastructure
This is a large category and includes testing servers, networks, clients, access control and much more. There are also various testing methods, the most common being "from the outside" and "from within". This service is usually requested by medium-sized to larger companies wanting to improve the security of their systems. It is also frequently done in connection with certifications such as ISO 27001.
PCI compliance testing
PCI compliance testing, named after the Payment Card Industry Data Security Standard, is vulnerability testing that follows a specific template and often has its own category of tools to perform the testing. Customers for PCI compliance testing will typically be organizations that handle credit cards, and such testing is usually a requirement from the credit card companies.
Testing of programs running on a web server, such as registration pages, is done to prevent abuse. Such pages are particularly exposed as they are directly accessible on the internet.
Nemko has, through System Sikkerhet, high competence and long experience in the evaluation and certification of information security. This competence has allowed us to expand into penetration testing, offering a range of relevant tests from our new lab in Norway.
For more information about how Nemko can help your organization meet current and emerging cyber security challenges, contact us.