Menu option: InfoSec > Internal PenTesting

The Internal PenTest (Penetration Testing) Module provides a clear, non-intrusive overview of your infrastructure’s network attack surface from inside your firewall. 

The Module employs an agent to scan one of three components: network, API or Full Stack. The scan employs a number of tools depending on the types of scan, to identify potential vulnerabilities.  

To scan from outside the firewall, use the Reconaissance Module.

The key areas within PenTest are:

• Discover - this is where you schedule scans or run an on-demand scan, and view the scan outcomes and history. Make sure you are fully authorised to run these scans, as although they are non-intrusive, running penetration tests without authorisation may violate internal policies or legal requirements.
• Insights - here is where you’ll see a more detailed breakdown of scan results, including vulnerabilities and their severity, and broken down by the tool that identified them. You can also see a visual representation if trends over time.

Related Articles

• Download the PenTest Agent
• Set up a scheduled PenTest
• Run an on-demand PenTest
• Review security vulnerabilities