Frequently Asked Questions
Penetration testing uses the procedures, techniques, and tools of a genuine criminal hacker to gain access to your systems and data. Hacking methods include brute force, SQL injection, phishing (email attempts to get employees to reveal sensitive data), and vishing (telephone attempts to get employees to reveal sensitive data), with the intent to steal data or deploy custom malware.
Every organisation needs a pen test at least once per year, but more frequently during changes, mergers, customer app-development, and during new service or product launches.
The cost of a pen test depends on the scope of the test agreed and its stated objective. You can contact OmniCyber Security to receive a custom quote for your business.
Automated security testing of your computer systems is known as a vulnerability scan. This technique uses automated tools to search for vulnerabilities that are already known.
Penetration testing should be carried out by a CREST accredited company that uses ethical hackers who are Offensive Security Certified Professionals (OSCP).
There are many factors that dictate how long a penetration test will take. These factors include whether there is an internal test, external test, the scope of the test, the network size, and whether or not the network credentials and company information is shared.
All businesses should have an annual pen test, as well as a pen test during/after any major change to the company network.
The methodology of a penetration test is to first gain access to your computer network and to then move across the system to attempt to gain higher-level privileges.
Remote penetration testing is carried out during an external test but this alone will not test the security of your wireless or internal network.
Penetration testing will not affect or have a very minimal effect on the day-to-day operations of your business.
A pen test report is a customised report that details the weaknesses and risks of your computer systems and networks. A penetration test report will also outline the remedies for the security risks that have been identified.