A pentest, or penetration test, is a range of processes that simulate an attacker’s actions to identify security weaknesses. Usually, a company engages third-party security experts to conduct this work and provides them with the address(es) of the server(s) they should examine.
Pentests are often divided into two types: a pentest in which the experts are provided with background system information is called a white-box pentest, and one in which this information is unknown is, accordingly, a black-box pentest.
A penetration test is the practice of attacking an IT infrastructure to evaluate its security and determine whether malicious actions are possible. Although it’s a typical task, the nature and methodology of a penetration test largely depend on the scope, aims, specifics of the client company, and many other factors.
The ERPScan team once conducted a penetration test at a large manufacturing organization. The task was neither ordinary nor easy, because the number of systems in scope was huge and little time was allotted. That’s why it was absolutely necessary to perform Threat Modelling before diving into the process of hacking. Here we describe this case study in detail. This series of articles is intended to explain what SAP penetration testing is.
The first step of every successful penetration test is Threat Modelling. At this stage, a cybersecurity professional gains an understanding of the business processes of a typical manufacturing company and identifies the most critical assets and associated risks. The gathered information helps a penetration tester decide what to focus on.