Intrusion Test

Ask a question

Intrusion Test

Intrusion tests (abbreviated as pen tests) consist in testing an information system's protection methods by subjecting the system to a real situation.

Two methods are generally used:

  • The black box method that consists of trying to infiltrate the network without any knowledge of the system in order to perform a realiztic situation
  • The white box method that consists of trying to infiltrate the system equipped with knowledge of the entire system in order to test the limits of the network's security

The consent (preferably written) of the highest level of the hierarchy must be received before these tests are performed, the reason being that they could cause possible damage and because the methods used are considered illegal without the express authorization of the system owner.

An intrusion test is a good way to increase the awareness of those involved in the project when it reveals a flaw. On the other hand, it does not guarantee system security because the testers may miss detecting vulnerabilities. Security audits are a better method for ensuring a higher level of system security because they take organizational and human elements into account and the security is anaylsed internally.

Jean-François Pillou

CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jeff Pillou, founder of CCM reaches more than 50 million unique visitors per month and is available in 11 languages.

Learn more about the CCM team


Latest update on October 16, 2008 at 09:43 AM by Jean-François Pillou.

This document, titled "Intrusion Test," is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (