In our hyper-connected world, cyberattacks are on the increase.
No company is immune, whatever its size.
Without becoming paranoid, it is important to protect yourself and your company’s data.
The paralysis of an information system, or worse, the loss of company data, can be catastrophic.
Imagine no longer having access to your customer files, your HR software or your accounting.
This is one of the ways in which malicious hackers attack.
Your system is infiltrated and all your data encrypted.
You can only recover it by paying a ransom.
And the hacker’s entry point is often an inadequately protected website.
Computer penetration testing is a particularly effective tool for detecting and correcting security vulnerabilities in your website.
Why secure your website?
Is it really that important to secure your website?
After all, it’s often not directly linked to company applications and data.
It’s just a showcase, and no confidential information is displayed.
And yet… A poorly configured website can present a security vulnerability.
The password may be too weak, the configuration may have been left at its defaults after installation, a module with known vulnerabilities may be in use, or updates may not have been applied. The hacker will first exploit this flaw to gain elevated access rights.
From then on, he will have access to a certain amount of sensitive information: users, passwords, database access… He can then try to obtain additional rights on the server itself, and from there, move on to your computer network.
Once he has sufficient access and rights, he will be in a position to cause damage.
So it’s particularly important to secure your website, not necessarily because of what it contains, but because it can serve as an entry point for the hacker to go further into the information system.
Choosing a computer intrusion test
A computer penetration test is carried out by cybersecurity experts.
They use the same techniques as a hacker to try to gain access to a computer system.
The advantage is that the test is carried out under conditions close to a real attack, and is therefore very concrete.
A penetration test, also known as a Pentest, will clearly identify your website’s cybersecurity vulnerabilities.
But it doesn’t stop there.
Unlike a conventional security audit, which simply lists vulnerabilities, the experts will produce a comprehensive report containing concrete actions to be taken to correct and prevent security flaws on your website.
The different types of penetration test
There are different types of penetration test.
The differences mainly concern the organization of the test and the way the experts work.
Whichever type of penetration test you choose, you’ll receive a full report on completion.
“Black Box” intrusion test
The “Black Box” intrusion test is the one that most closely resembles a real-life cyber attack.
The auditors are placed outside the company, in the same conditions as a hacker.
The team in charge of website management is unaware that a penetration test is in progress, and can react if it detects one.
Security holes that can be exploited on the website from the outside are identified and exploited.
“White Box” intrusion test
The “White Box” intrusion test is the exact opposite of the “Black Box” intrusion test.
The auditors will work in close collaboration with the company team.
They will have access to all technical and non-technical documentation relating to the website and its management.
Although similar to a conventional security audit, the “White Box” intrusion test is much more comprehensive and ends with concrete proposals for action.
“Grey Box” intrusion test
Between the other two types of test, we find the “Grey Box” intrusion test.
The intrusion test will be carried out from inside the company.
The auditor will have the same rights and access as any other employee.
The auditor’s objective is to try to gain access to confidential information on the website that he or she should not have.
Intuity and penetration testing
Intuity has been offering services in all areas of cybersecurity since 2018, including computer penetration testing.
Depending on your wishes and needs, they are able to carry out “Black Box”, “White Box” or “Grey Box” penetration tests.
Your website will be audited, and software and configuration vulnerabilities identified.
In particular, we will investigate the following elements:
- Older software versions / missing updates,
- Configuration left as default after installation,
- Wrong configuration,
- Simple passwords,
- Modules not updated / with known security holes,
- etc.
A computer penetration test consists of six distinct phases:
- Kick-off meeting: approach, test schedule… Naturally, in the case of a “Black Box” intrusion test, this meeting does not take place.
- Target definition: intrusion test on the entire website and/or related services, or on a more restricted part.
The scope of the audit and the strategy to be applied must be defined as early as possible.
- Intrusion testing: controls, manual and automated tests.
- Audit report: summary of identified vulnerabilities.
- Results presentation meeting: presentation of the concrete actions to be implemented and the cost/benefit ratio in relation to the risk incurred.
- Follow-up on action plan: define schedule, monitor implementation of recommendations.
Securing your website
Based on the full report provided by Intuity after the intrusion test, you’ll need to implement the cybersecurity recommendations.
I can support you throughout this delicate phase of securing your website.
Working closely with your teams, we’ll draw up an action plan based on the report provided.
I will then apply the recommendations of the Intuity experts to ensure optimum security for your website.