Pentest FAQ – #7 and #8 – What is a penetration test? And what is it not?
In our Big Application Security Penetration Test FAQ for clients we answer everything you should know before, during and after the commissioning of an Application Security Penetration Test.
In focus today:
Question #7: What is a penetration test?
n a penetration test, the tester assumes the role of the attacker. They use all means at his disposal to access the application from the outside – in contrast to analysis techniques that start “inside”, such as code analysis – in order to uncover vulnerabilities. They also use their extensive knowledge of vulnerabilities and all kinds of tricks to bypass security mechanisms. The result is a report that describes the vulnerabilities in a comprehensible way, assesses them with regard to their potential danger and shows countermeasures.
Because they act as a benign “hacker”, the pentester is also called a white-hat hacker (as opposed to a malicious black-hat hacker) or an ethical hacker.
Question #8: And what is an Application Security Penetration Test not?
A penetration test of a web or mobile application is not about simulating the attacker scenario as realistically as possible in order to conclude whether an attacker could penetrate the application or not. And as a result define it in the first case as insecure, in the second as secure. Rather, penetration testing is to be understood as a quality assurance measure. As far as possible, all anomalies affecting the security of an application must be identified, evaluated, also regarding the context, and, if they represent an actual risk, remedied. The tester can perform his role most effectively if he receives the best possible support – more on this in question 10.
At the it-sa 2019 we will present our innovative consulting concept Lean Application Security.read more
Our second office is located in Dresden, the capital of Saxony. Come have a look at our office there!read more
With the topic “How practical is DevSecOps really? – A field report” our colleague Maximiliane Zirm is present at this year’s Heise devSec.read more
By integrating our colleagues in Vietnam and a well-established organization, we are able to offer penetration tests at a very attractive fixed price.read more
Have you ever wondered what a pentest is exactly or how such a test works? Our Big Application Security Penetration Test FAQ for clients answers these questions and much more.read more