The Internal penetration test is similar to the external test. We use a variety of common hacker tools and security testing utilities but in this case the test is performed from within the target company.
This test attempts to discover what systems are vulnerable to attack from insiders. It can be used to discover common problems such as weak user passwords, credentials sent in plain-text, misconfiguration of servers and databases, badly-configured Intranets etc.
The most important question to ask your security auditor is, “Are you impartial and independent, or are you a company with something to sell that just happens to also provide audit services?”
You don’t want a company that sells solutions to do your security audit, because the odds just went way up they will find a problem their solution fixes. Handshake Networking Ltd is a completely independent team of consultants, with years of experience providing cost-effective solutions to companies and organizations throughout Hong Kong and the world.
Our consultants have performed audits against a variety of standards, including clients’ own policies and build documents, the PCI Data Security Standard, ISO Standards, or open standards like OWASP and OSSTMM.