The Best Penetration Testing Tools Available Today

Penetration testing illustration

Although Bill Gates may have warned world leaders about being unprepared for a future global pandemic back in 2015, it’s fair to say that few others could claim to have seen this coming in the way that it has. Yet here we are, with a seismic change to global business practices having been effected in just a few weeks – particularly the widescale introduction of remote-working – and it’s fair to say that the vast majority are on the back foot.

There is, however, no time to panic and even less time to waste. And change certainly doesn’t mean foregoing best practice. If anything, a rigorous and attentive approach to key processes and procedures is more important for businesses now – at a time when business continuity plans are already being stretched to their limits.

While the COVID-19 dominates all our lives, cyber criminals are doing what they do best. As versatile and well-resourced opportunists, they are wasting no time in capitalising on the chaos, exploiting any vulnerabilities they find and conducting regular cyberattacks.

Today, it is more important than ever to be proactive, putting yourself in the mindset of a hacker, scrutinising your own network systems to identify vulnerabilities before someone else does. As part of this process, businesses can carry out regular penetration testing, which simulates the actions of both external and internal cyberattacks. This can help your business identify weak spots and, consequently, carry out remedial work to bolster defences accordingly.

But first the bad news: there is no such thing as the perfect off-the-shelf penetration testing tool. The good news, however, is that there are a number of good penetration testing tools which, in the right hands, will deliver the best results.

Vulnerability scanning tools

These are automated tools which are used to swiftly and systematically detect common vulnerabilities, uncovering defects via pattern-matching and monitoring of system response. If the testing schedule is correctly scoped at the outset, these tools are effective within their limitations. Although they can only detect known threats, they are an essential part of the testing process, providing an excellent starting point for deeper penetration testing.

Manual penetration testing

Once vulnerabilities have been identified through the automated test, these potential opportunities can be explored and exploited by experienced manual penetration testers to probe deeper and detect new or previously unknown threats. This significantly widens the scope of the penetration test, building in a much higher degree of security and resilience. The best manual penetration tests are conducted by CREST-certified experts and will include a detailed report with specific recommendations to address all outstanding security issues.

Web application testing

Testing a website is vital to ensure malicious attack attempts do not exploit poor configuration, out of date patching, cross-site scripting or injection vulnerabilities of the underlying web application. This is done by testing web services for known vulnerabilities and configuration issues, by ensuring that web vulnerabilities are not present and, in some cases, by searching for malicious shells.

Network security testing

All organisations, from huge multi-nationals to charities and SMEs, rely on networks (wired, wireless and cloud based) for their business connectivity. Regular and robust testing will identify any risks to these networks, particularly where hubs are used which are not part of the company network. This includes testing routers, switches and firewalls, remote access solutions and Virtual Private Networks (VPNs). It also includes a review of operating systems, patching policies and the change governance process.

Social Engineering testing

In information security, the human element is often the weakest link; leaving an organisation open to unintentional vulnerability. Social engineering is an attack vector that relies on the psychological manipulation of people to gain access to systems. This is particularly relevant in the current climate when remote-workers may not have had time for specific security and reporting training.

While social engineering tests can be run alongside penetration testing to provide a current and valuable knowledge base around the day-to-day threats facing staff members. By enlisting a trusted third party to simulate this type of event and provide follow-up training, it is possible to successfully change staff behaviours and daily processes to reduce risk.

What to look for from penetration testers: CREST accreditation

Successful penetration testing relies on a deep level of trust. If the skill-set is not available in house, or where new working practices have introduced new elements of risk, professional consultancies can provide the expertise required.

Not all penetration testing consultancies are the same, however. CREST is the international professional level certification for information security testing and CREST accredited companies have a demonstrable level of assurance that their information security methodologies will provide their clients with a robust assessment of their information security posture. In addition, CREST accredited consultants can provide full reports on the remedial action required and, if necessary, make the appropriate changes. There may not be one tool to cover the whole penetration testing requirement, but a CREST-accredited consultancy does effectively provide a one-stop-shop. It is also a cost-effective solution, because you do not pay for the tools you don’t need, only the ones you do.