
Penetration testing

Security analysis


Penetration testing consists of sanctioned attempts to bypass the existing set of information system protection measures. During testing, the auditor plays the role of an intruder motivated to breach the information security of the customer's network.
Up to 20% of critical vulnerabilities are detected at the information-gathering stage, with minimal impact on the objects under test (and a reduced risk of the attack being detected). A combined penetration test that includes social engineering is the most effective: up to 70% of users of the attacked system are susceptible to social and technical attacks.



Pentest 5 steps

Intelligence

Collection of preliminary information, for example about the structure and components of a corporate network (network addressing, network components, security tools used). The information is collected from publicly available resources.

Services discovery

Determination of the types and versions of devices, operating systems, network services and applications from their reaction to external influences (i.e., their responses to various requests).

Vulnerabilities Detection

Identification of vulnerabilities at the network level and application level (automated and manual methods)

Attack

Simulation of attacks at the network level and at the application level

Reporting Documentation

Drafting of the reporting documentation, with detailed recommendations based on the results of the work.

Pentest Scenarios


An Internet attacker who is not authorized to access the information systems and has only publicly available information about the information systems, the methods used and the means of protection.
An attacker with network access to the internal network (in one of the network segments) who has no right to access the information systems and has only publicly available information about the information systems, the methods used and the security tools.
An attacker operating from the internal network who has logical rights in the information systems, possibly local administrator privileges, and superficial (possibly detailed) information about the network structure, the methods used and the security tools.

Who needs penetration testing


Pentest for PCI DSS

External and internal penetration testing is required to successfully pass a certification audit for compliance with the PCI DSS standard.

Pentest for Information Security Directors

External and internal penetration testing is required to successfully pass a certification audit for compliance with the PCI DSS standard.

Our approach to conducting penetration tests will allow you not only to prepare for the audit, but also to obtain useful information about the real state of protection of your information resources. Our work includes not only systems within the scope of the PCI DSS standard, but also related information systems.

Pentest during the Risk Analysis

In many organizations, penetration testing is a mandatory step in conducting a risk analysis. This is especially true when new systems are put into operation or after a change in infrastructure, when a change in information security risks can easily be missed.

Penetration testing makes it possible to assess the changing risks and to monitor the implementation of information security processes.
