An internal penetration test on the online system simulates unauthorized access performed by either a legitimate user or an unauthorized user who gained physical access to one of the communication devices or servers’ operational environment. The internal penetration test is performed with a direct connection to the attacked server.
The security logic of this act is that a server, which is protected from direct penetration, is definitely protected from an external attack, in which it is also protected by the Firewall(s).
The deliverable of this stage is a report of findings and operative recommendations.