The IT Law Wiki

Internal security testing


Definition

Internal security testing is where

assessors work from the internal network and assume the identity of a trusted insider or an attacker who has penetrated the perimeter defenses. This kind of testing can reveal vulnerabilities that could be exploited, and demonstrates the potential damage this type of attacker could cause. Internal security testing also focuses on system-level security and configuration — including application and service configuration, authentication, access control, and system hardening.[1]

References

  1. NIST Special Publication 800-115, at 2-5.
