PUT YOUR SECURITY TO THE TEST BEFORE REAL-WORLD ATTACKERS TEST IT FOR YOU…
…better known as Penetration Testing.
A Penetration Test is designed to answer the question “How effective are my company’s existing security controls against an active, human, skilled attacker?” You might be unpleasantly shocked by the answer.
A Penetration Test simulates an attack on IT systems, allowing multiple attack vectors to be explored against the same target. It involves the use of automated tools and process frameworks, but its main “ingredient” is the skilled tester or team of testers, who can both analyze and synthesize their findings, think outside the box, attack your assets using combinations of the exploits discovered, and be as determined as a hacker in the real world would be.
There are many reasons you would want to invest in regular penetration testing for your organization: for example, meeting compliance requirements (such as PCI DSS), determining the vectors used to gain access to a compromised system or network after a security breach incident, assessing the magnitude of the potential business and operational impacts of successful attacks, and testing the efficiency of your defensive systems and mechanisms.
NETWORK PENETRATION TEST
The most common, demanding and time-consuming test is the Network Penetration Test. All the components that make up the corporate network are tested for security weaknesses and vulnerabilities and then attacked by the testers.
The basic scenarios of a Network Penetration Test are:
External Penetration Testing scenario
Using a public IP as the point of origin for the attack, we try to compromise your externally visible servers or devices, such as firewalls, DNS, e-mail servers and Web servers. The objective is to evaluate whether an outside intruder can get inside your network, and how far they can get if they manage to gain access.
Internal Penetration Testing scenario
Using a host in your network, or through a VPN connection, we try to imitate an inside attack (behind the firewall) by an internally authorized user with standard privileges. Through this approach we can determine the amount of damage an insider would be able to cause to your organization.
Wireless Penetration Testing scenario
A Wireless Attack and Penetration test can be conducted by our testers to discover any unauthorized (rogue) access points located on your organization's premises, as well as any misconfigured or compromised authorized wireless access points.
WEB APPLICATION SECURITY TEST
It is common for companies to offer core business functionality through Web-based applications. These Internet-facing applications allow customers around the globe to reach your organization, but at the same time provide access to partners inside your intranet, introducing new security vulnerabilities.
The increased amount of traffic that has to be allowed to pass through the firewall could be cause for concern in terms of systems security. A Web application security test can evaluate the efficiency of the application's security controls and identify vulnerabilities and risks.
SOCIAL ENGINEERING PENETRATION TEST
A Social Engineering Penetration Test involves using methodologies to manipulate a company employee in order to acquire confidential or proprietary information.
Psychological exploitation methods of tricking and persuading are used to build trust between an employee and an outsider, so that the employee's natural defense mechanisms are dulled and the employee is more prone to divulge sensitive information.
The test imitates the attacks malicious social engineers use to breach your organization's security. It reveals how strong your company's human component is, i.e. your employees' ability to prevent unauthorized access to the company's systems.