FREQUENTLY ASKED QUESTIONS


What is a penetration test?

A penetration test is a controlled attack on a computer system, network or application to identify security vulnerabilities that threat actors might exploit.

Why do you need a penetration test?

A penetration test provides you with confidence in your security posture. Without conducting penetration testing, organisations do not know where the weaknesses are that a threat actor may attempt to exploit.

What are the different types of penetration tests?

External penetration tests target the Internet-facing technologies of an organisation: the parts of the organisation that can be reached by anyone, anywhere in the world, with an Internet connection.

Web application penetration tests target the applications or websites that your organisation uses to interact with clients and members of the public. This test looks for vulnerabilities that could be exploited by threat actors or by the staff managing the application.

When do you need a web application penetration test?

Web application penetration testing should be conducted at the following times:

  • Before first going live with a web application.

  • After major changes occur to the web application code.

  • Following an actual or suspected incident involving the application.

  • Following changes to the technology hosting or supporting the web application.

  • To meet compliance requirements.

When do you need an external penetration test?

External penetration testing should be conducted at the following times:

  • Before first going live with an Internet-facing system.

  • After major changes occur to the externally facing components of the organisation's technology.

  • Following an actual or suspected incident involving the organisation's Internet-facing technologies.

  • Following changes to the externally facing technology.

  • To meet compliance requirements.

How often should you get a penetration test?

Penetration testing should be conducted twice yearly as a minimum.

What is AI?

Artificial Intelligence (AI) is human intelligence simulated by software, enabling machines to perform tasks that typically require human cognition.

What is the difference between a Human and AI Penetration Test?

Human testing always carries the potential for error. AI penetration tests reduce this potential by using humans for the validation function after the AI component has run.

Human and AI penetration tests follow the same basic principles and processes:

  • Planning and reconnaissance.

  • Scanning for vulnerabilities.

  • Safe exploitation of the vulnerabilities found.

  • Development of recommendations.

  • Generation and communication of the report.

What sort of report is provided for the penetration test?

Block8 penetration testing provides comprehensive penetration test reporting that is designed to provide you with all the information that you need to act on our findings and secure your systems and networks.

Reports include as a minimum:

  • An executive summary suitable for distribution to non-technical management.

  • Details of key findings of the test.

  • Detailed remediation advice empowering you to secure your systems and networks.

What if the test identifies Critical or High-level vulnerabilities?

Block8 aims to give you every opportunity to come out with a clear test result. To this end we offer free re-tests within 30 days of the original test. This gives you the time to remediate the vulnerabilities identified, following the recommendations provided by Block8, and provides a clear test result with a certificate that you can show to clients.

What compliance standards require a penetration test?

All compliance standards require that you understand your environment, identify vulnerabilities and remediate them in a timely manner.

Penetration tests are generally required or recommended for compliance with:

  • Payment Card Industry Data Security Standard (PCI DSS)

  • ISO 27001

  • Essential Eight framework

  • Security of Critical Infrastructure Act (SOCI)

  • Privacy Act 1988 (and subsequent amendments)

  • SOC2

  • EU General Data Protection Regulation (GDPR)

  • US Health Insurance Portability and Accountability Act (HIPAA)

Will Block8 maintain our privacy?

Block8 services are hosted and run entirely within Australian national boundaries and offer unrivalled privacy levels fully compatible with national privacy requirements.

Whilst not mandated, penetration testing is strongly recommended for compliance with the Privacy Act in Australia.

Block8's T&Cs maintain your privacy and confidentiality.

Why Block8?

Block8.ai is the next evolution in cybersecurity. Our cutting-edge platform harnesses Artificial Intelligence (AI) to conduct comprehensive Penetration Testing with unprecedented speed and precision.

Block8.ai leverages Artificial Intelligence to transform traditional Penetration Testing into a continuous, adaptive process, identifying and exploiting vulnerabilities from multiple angles with speed and efficiency beyond human limitations. Furthermore, Block8.ai ensures every finding is validated by cybersecurity experts to ensure accuracy, quality, and relevance, providing a thorough assessment of your defences.