A penetration test over Internet is the authorized, scheduled and systematic process of usingknown vulnerabilities in an attempt to perform an intrusion into host, network orapplication resources. This penetration testsconduct on externalresources - the company connection to the Internet. It normally consists of using an automated or manual toolset to test companyresources.
If a vulnerability is utilized by an unauthorized individual to access company resources, company resources can be compromised. The objective of a penetration test is to address vulnerabilities before they can be utilized.
The core services offered by the company should be tested. These include: Mail, DNS, firewall systems, password syntax, File Transfer Protocol (FTP) systems and Web servers etc.
External penetration tests are intended to identify vulnerabilities that are present for connections that have been established through the organization connection to the Internet (also known as the firewall or gateway). If the primary objective of the test is to ensure that the database is sufficiently secure from the corporate Internet site, an external penetration test is more appropriate.
