White Hat Penetration
TWM Associates, Inc., (TWM) had approached and developed our “white hat penetration” approach back in the early 1990s is still using it today.
It is based on the concept of identifying tools and generally publicly available information and utilizing that information in a manner that an undesirable intruder on a system might utilize the same tools and information. This concept, implemented from a cross between an engineering perspective and a controls testing perspective, has proven extremely effective in penetrating, and forceful in presentation to individuals who have no or limited technology savvy. Being asked in a Boardroom to demonstrate an actual “white-hat penetration” and succeeding during the presentation is a strong indication of what undesirable intruders can do, and brings attention to security in a most immediate manner. Of course, not all penetrations happen in this way, but it is a clear and concise picture of not just what “could” happen from ports and protocols being open, but actual indication of what does happen if a “trusted” resource is compromised. TWM works with our customers, and their budgets, to define what the mission/goal is of the effort and develops the appropriate work plans and testing activities to support these efforts.