Penetration Testing & Vulnerability Assessment
As part of our cyber security services, we offer different types of penetration testing and vulnerability assessment to check the security posture of your organization. The purpose of such assessments is to discover blind spots and gaps in the implementation of security solutions. There is always a chance that your IT team – no matter how competent they are – may miss a critical security component or misconfigure a crucial network service. That is why periodic penetration tests, done by third-party assessors, are essential to robust information security management.
We offer the following types of penetration test:
- Network Penetration Testing.
- Web and Mobile Application Penetration Test.
- Social Engineering Assessment.
- Red Team Operations.
Network Penetration Testing
In this type of test, the penetration tester attempts to break into the network, which comprises all systems, such as AD, SQL DB, Wireless, File servers, DNS servers, Web servers, Routers and Switches, etc. Network penetration tests can be further classified into two categories:
- External: the test simulates an external attacker over the Internet.
- Internal: the test simulates a malicious insider.
Our network penetration test follows an internationally recognized, comprehensive methodology: the Penetration Testing Execution Standard (PTES). In short, our test is composed of the following stages:
- Pre-Engagement Preparation.
- Intelligence Gathering.
- Scanning and Network Mapping.
- Vulnerability Analysis.
- Exploitation and Password Cracking.
Web/Mobile Application Penetration Testing
When you develop an in-house web application or a mobile application, that application may contain vulnerabilities if not assessed properly. Security experts have estimated that there are 15 – 50 vulnerabilities per 1000 lines of code. Herein lies the importance of application-level penetration testing.
We can assess your web applications, written in PHP, JSP, ASP.NET, etc., as well as your mobile applications written for iOS or Android.
Our application penetration test follows the international methodology devised by OWASP (Open Web Application Security Project). Some of the components we test are:
- Configuration & Deployment.
- Identity Management.
- Authentication & Authorization.
- Session Management.
- Input Validation.
- Error Handling.
- Encryption Schemes.
Red Team Operations
Red Team Operations combine all forms of penetration tests, including physical intrusion, in a black-box style – where the testers have no prior knowledge about the internal structure of the organization. In addition, a red team operation is authorized by the highest executive of the enterprise without the IT team knowing about it.
A Red Team Operation is an all-in intrusion simulation where the red team attempts network attacks, web application attacks, social engineering attacks, and even physical intrusion. This type of operation can mimic advanced threat actors as well as state-sponsored cyber attacks.
If you have a large enterprise that holds a lot of sensitive information, you cannot rely on traditional forms of penetration testing. You will have to go the extra mile by having a full red team operation performed at least every 2 – 3 years.