Internal Penetration Testing
Internal penetration testing provides protection from internal threats and ensures that internal user privileges cannot be misused.
Too often organisations rely on the first line of defence to prevent compromise. A successful attack may occur through a valid communication channel, as a result of human error or a software defect in the perimeter. At this point, the security level of each system adjacent to the compromised host will determine the degree to which the attacker can further penetrate the infrastructure.
It is therefore recommended that testing be performed on critical systems in the DMZ or on the internal network using black box techniques. Testing of the corporate user network may also identify the impact of poor access controls, and help to mitigate the impact of a malicious or disgruntled employee.