Why should I take a pen test in my company?

By January 17, 2020 No Comments

* Raphael Denser

Various information circulates daily on corporate networks and knowing how to protect yourself from data theft and / or fraud is currently very important.

THE information security is an important and fundamental concept for any company, often more than the strategic one, the pen test is essential for protecting corporate and personal data, supporting information security in preventing losses and losses that can cause huge damages, affecting the organization's image and capital.

THE information security it guarantees business continuity, minimizing risks, maximizing return on investments and opportunities.

But why should I take a Pen Test?

pen test it is a photograph, a portrait of that moment of the environment on the network. Through this photograph, the test helps the company to see possible gaps in its environment that may pose some risk in a network, system or application. The Pen Test offers efficient results to the company, evaluating the level of exposure of the environment.

Among the main benefits are:

  • Testing of controls and implementations;
  • Compliance with security standards (example: PCI-DSS);
  • Improvement in meeting the requirements imposed by the LGPD law;
  • Zeal for the company's reputation;
  • Reduction of risks that can generate losses.

The results allow:

  • Prove the impact of the risk;
  • Make better decisions and invest correctly in security;
  • Improve defense controls and mechanisms;
  • Anticipate future attacks.

The Pen Test takes more time to execute compared to a vulnerability analysis, but it is more accurate and effective, besides allowing a real view of the risk and impact for the business, allowing the discovery of unknown vulnerabilities in the corporate environment.


  • Exploits vulnerability and measures impact;
  • It makes it possible to find unknown vulnerabilities;
  • Concrete information through the report;
  • Validate that the corporation's security posture is adequate to deal with current threats;
  • Mix automated tests with manual tests.

Penetration or penetration tests aim to discover and exploit security flaws, thus allowing organizations to correct their points of vulnerability.

In an intrusion test, all the devices that a hacker would normally use are used. In other words, what we have are controlled simulations of real attacks, aimed at assessing the organization's security and reporting deficiencies in the environment.

At the end of a Pen Test,  a report is usually generated with the steps that have been taken, evidence collected and suggestions for actions to be taken to improve the security of the corporation. It is important to understand the impacts that exploited vulnerabilities can have on the business, with this report it is possible to make decisions about features and functionality that need to be repaired, disabled or configured to increase data security and reliability.

Raphael Denser is Cybersecurity Consultant - RED TEAM at [SAFEWAY]

Regarding the [SAFEWAY]

SAFEWAY is an Information Security company, recognized by its customers for offering high value added solutions through Information Security projects that fully meet business needs. During these years of experience, we have proudly accumulated several successful projects that have earned us credibility and prominence in our clients, which constitute in large part the 100 largest companies in Brazil.

Today through more than 17 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best technology solutions, processes and people.

Let's make the world a safer place to live and do business!