ETHICAL HACKERS COMPLEMENT THE VULNERABILITY ASSESSMENT METHODOLOGY

A penetration test, occasionally pentest, is a method of evaluating the security of a web application by simulating an attack from a malicious source; the tester who carries out the simulation is known as an Ethical Hacker. The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, known or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. Any security issues that are found are presented to the system owner, together with an assessment of their impact, and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine the feasibility of an attack and the extent of the business impact of a successful exploit, should one be discovered. It is a component of a full security audit.

Appin follows the OWASP and SANS standards for conducting vulnerability assessment, which is always carried out in any penetration testing assignment to ensure that the known vulnerabilities are covered. We do understand that when clients come to Appin Security Group, they are looking for something more. Our ethical hackers have developed a tool with over 320 installations that is used for penetration testing assignments. The Council of Registered Ethical Security Testers (CREST) is a UK non-profit association created to provide recognised standards and professionalism for the penetration testing industry, and Appin Ethical Hackers use it to ensure the safety of the penetration testing exercise. CREST provides a provable validation of security testing methodologies and practices, aiding with client engagement and procurement processes and proving that the member company is able to provide testing services to the CREST standard.
