Pentest Trends 2020 – You can expect these topics in the webinar on 25.09!

M.Sc. Jan Hörnemann


On Friday, 25.09.2020, AWARE7 will host a webinar on the Pentest Trends 2020. Starting at 10:00 a.m., Matteo Große-Kampmann will present current figures and internal details on the penetration tests performed. This blog post explains how to register for the free webinar and which topics you can expect.

Pentest Trends 2020 – These topics are covered

A penetration test is now standard for many companies. Among the reasons security testing has become so important are the GDPR (DSGVO) and the requirements of BSI basic protection (IT-Grundschutz) or ISO 27001. The GDPR states that stored data must be protected “according to the state of the art”. Checking this state of the art and then implementing it is usually beyond the competence of the individual companies. In these cases, IT security must be outsourced to third parties. This outsourcing or review of IT security usually takes the form of a penetration test.

In the Pentest Trends 2020, Matteo Große-Kampmann examines different pentest methods, because a penetration test has to be planned well so that it fits the respective goal. In the webinar, participants will be given an overview of the four overarching strategies that exist for conducting a penetration test.

As an example, we will sketch an “internal test” here: One possibility for an internal test is to simulate an employee who wants to get access to closure data from other teams. Since smaller companies often have no, or very few, internal teams, this strategy is more likely to be seen in larger companies.

In the webinar next Friday you will learn which three other strategies exist and for which industries and areas each strategy is most useful.

Popular test types of the past year

In addition to the various methods, the webinar “Pentest Trends 2020” will report on the test types that have been particularly common in the past. Besides the external network, other aspects of IT security can be tested. Five different test types will be presented in the webinar. In addition to the classic external network test, other possibilities, such as a social engineering test, will be explained.

Social engineering is a topic in IT security that is gaining more and more attention. The reason for this growing attention is that the past years have shown that the most dangerous security holes are not the technical ones but the human ones. These include phishing mails and other attack vectors that aim to make a person make a mistake, through which the attacker gains access to the internal system, for example.

The webinar will feature a case study of a past social engineering test conducted by AWARE7. It reports in detail how various employees could be manipulated so that a possible attacker could gain access to a protected area. Viewers of the webinar will be given a clear explanation of how this test is conducted and what benefits the company and its employees can gain from it.

Statistics of the Pentest Trends 2020

70 different penetration tests have been conducted by AWARE7 GmbH since 2019. In 15 of these tests, about 21%, the test type was the internal network. This test type reveals weaknesses that an insider, e.g. an employee, could exploit. In addition to the internal network test, code review, which analyzes program code, is also one of the test types that should protect against insiders.

Application analysis took the largest share in 2020, at about 34%. This test type examines an application from the outside. It aims to protect systems against outsiders, the classic external hacker, and thus to uncover vulnerabilities before they are exploited by criminals.

Due to the corona pandemic, which has affected a large part of 2020, the figures may be delayed, as internal tests in particular tend to be avoided in current times. Penetration tests are an exciting field, and we will explain the current trends in our webinar. We are looking forward to your participation.


M.Sc. Jan Hörnemann

Hello dear reader, my name is Jan Hörnemann. I am a TeleTrust Information Security Professional (T.I.S.P.) and have been dealing with information security topics on an almost daily basis since 2016. CEHv10 was my first hands-on certification in the field. With a Master of Science degree in Internet Security, I have learned about many different aspects and try to share them in live hacking shows as well as on our blog. In addition, I am active as an information security officer and have been qualified by TÜV for this activity (ISB according to ISO 27001).