Penetration testing (pentest) is a popular service in information security field world-wide. This service is an authorized attempt to bypass the existing set of the system protection tools. While testing, an auditor acts as an attacker who is trying to crack client's information protection system.

Positive Technologies experts have extensive experience in penetration testing and are ready to offer you different types of this service.

Penetration testing could be conducted for corporate network perimeter (external test) and for internal resources (internal test). Administrators and users of testing system could be notified about the works, or not (Red Team Test). During internal testing auditor's laptop or standard client's user workstation could be used.

While testing instrumental tools are used along with manual analysis methods. Social engineering methods could be used for testing. The main purpose of the testing is to identify client's employees' awareness level in information security. During testing, we define users' and security administrators' reaction to penetration methods used by attackers. Social engineering methods are used by attackers quite often and as a rule are aimed to end users. If an attack is successful, an attacker could gain the control of workstations, obtain client's confidential documents, use the client's resources for the attacks on the other companies' systems and for sending spam, etc.

This service results could be a basis for Security Awareness Program development fully oriented on the problems indentified during testing. This service is also useful to check the efficiency of current client's Security Awareness Program.