GTSP has been providing penetration testing services for more than 9 years, to the effect that we have archived a very high success rate.
Penetration tests can be conducted in several ways. The most common difference is the amount of knowledge and the implementation details of the system being tested that are being released to the testers.
Black box testing assumes no prior knowledge of the infrastructure to be tested. The testers must first determine the location and extent of the systems before commencing their analysis. At the other end of the spectrum.
White box testing provides the testers with complete knowledge of the infrastructure to be tested, often including network diagrams, source code, and IP addressing information. There are also several variations in between, often known as
Gray box tests. Penetration tests may also be described as "full disclosure", "partial disclosure" or "blind" tests based on the amount of information provided to the testing party.
The relative merits of these approaches are debated. Black box testing simulates an attack from someone who is unfamiliar with the system. White box testing simulates what might happen during an "inside job" or after a "leak" of sensitive information, where the attacker has access to source code, network layouts, and possibly even some passwords.
Penetration testing can be an invaluable technique to any organization's information security program. Basic black box penetration testing is often done as a fully automated inexpensive process. However, white box penetration testing is a labor-intensive activity and requires expertise to minimize the risk to targeted systems. At a minimum, it may slow the organization's networks response time due to network scanning and vulnerability scanning. Furthermore, the possibility exists that systems may be damaged in the course of penetration testing and may be rendered inoperable, even though the organization benefits in knowing that the system could have been rendered inoperable by an intruder. Although this risk is mitigated by the use of experienced penetration testers, it can never be fully eliminated.