
What is pen-testing? Meet the security pros breaking into your business for cash

Tamlin Magee | June 27, 2016
A day in the life of a duo cracking corporate security for a living

After a brief reconnaissance mission on the web, there's ample data to piece together a convincing enough story to fool a receptionist into trusting you - they hand you the rest of the information you need.

Image: Flickr/Dan Tentler

Using this, you conduct a convincing phishing attack by email, and easily bypass a company's rather expensive security systems. You're free to place an exploit where it won't be found and siphon the business's data to wherever you like. It's yours.

Thankfully for this hypothetically hoodwinked company, all this data is safe - because this is the work of a penetration tester, one of the security professionals who use real-world criminal hacking techniques to crowbar open the unguarded gaps in their clients' armour.

"If there's a hole it will be found sooner or later - these days, sooner," says Aleksander 'Aleks' Gorkowienko, principal consultant and training manager at pen-testing company 7Safe. "I have absolutely no doubt. If someone does not invest properly in prevention, it's stupidity - I don't have any other words."

Aleks joins me with colleague Steven van der Baan, principal consultant and senior pen-tester, to talk me through the ins and outs of breaking businesses for a living.  

It seems that every week there's a high-profile hacking case causing brand damage and putting customers at risk. And there are thousands more cases where attacks aren't reported - or, indeed, slip under the radar.

So there's money to be made, with organisations from banks to government departments contracting pen-testers like 7Safe to conduct thorough security audits.

 
