Well, according to NIST, Penetration Testing is a security test that the assessors mimic real-world attacks to find ways around the security features of an application, a system, or a network. This normally involves launching real attacks on a real system and data where tools and techniques of an attacker can be used against the system. This would be finding vulnerabilities within that system and (exploiting) the vulnerabilities so that an attacker can take control over a system. Penetration Testing can also be useful for determining how well the system tolerates real world-style attacks, how good an attacker must be to compromise the system, finding countermeasures that could mitigate attacks, and the defender’s ability to detect and respond.
Due to the benefits laid out by NIST above, we often see requirements that call out having a Penetration Test done against a system. CMMC, FedFRAMP, ISO 2700, etc.
What is important here, is having a company with that is composed of the right people to get the job done. Penetration Testing can be hard.
The pitch: At Xyston we take pride in our technical prowess. Our customers understand that a simple scan and a fancy website will not protect their system’s when the highly skilled and motived attacker comes knocking. Our team is a group of highly technical engineers that have built websites, networks, applications, and so on. We take that knowledge and turn it on its head and understand the weaknesses of the technology we are working against.
We have been trusted by some of the largest companies in the world and we should be trusted by you to conduct a thorough assessment of your system.
- Jarrod Hardy
- Xyston CEO
- PhD student in Computer Science
