• Project Title: The Effectiveness of Penetration Testing in IT Systems

  • BASIS Advisor: Aaron Glanzer

  • Internship Location: Casepoint, LLC.

  • Onsite Mentor: Usha Raj

With more companies turning to cloud-based platforms to conduct their business, it is important for them to make sure their IT systems are secure so that any attempts to break into them do not result in the leak of any sensitive employee, vendor, or client data. Over the past decade, experts have been conducting studies on various IT security testing methods and how effective they are at revealing vulnerabilities in networks. Penetration testing (or pentest) -- an authorized cyberattack on a network -- has become a very popular security testing method. However, there haven’t been many studies to test how effective it really is. With my project, I aim to conduct further research and investigations to determine how effective penetration testing is at revealing vulnerabilities in IT systems, specifically web servers and API’s (Application Programming Interfaces). I will work as an intern for Casepoint, LLC, an IT solutions company. Casepoint has a pentest team that will conduct various penetration tests on a series of networks, mainly web servers and API’s, to see how many vulnerabilities they contain. After each test, reports are written on them to detail what the pentesters discovered, particularly the number of vulnerabilities they were able to discover in the network they hacked. I plan to use this as a measure of the effectiveness of pentest. The reason why this study is important is because it is important for a company to properly secure its networks to prevent any cyberattacks or prevent them from ruining its reputation.