Conclusions

The basic point of encryption is to render the PII in a garbled state so that if it were to be intercepted by a cyberattacker, these datasets would be rendered useless unless the cyberattacker had the appropriate key to unlock them into a decipherable format. This chapter illustrates the unknown flaws that may exist in web apps and infrastructures using true stories. It presents critical elements of penetration testing that need to be understood. The chapter also presents the key types of penetration testing: external penetration testing, web application testing, internal penetration testing, SSID or wireless testing, social engineering, including phishing and call campaigns and mobile application testing. It reviews the threat hunting process and the subsequent secondary search and correlation which can lead to more discoveries. The chapter also presents some closing thoughts on the key concepts discussed in the preceding chapters of this book.