Penetration Testing

PENETRATION TESTING is a hack purposely done for the sake of security. We simulate the activities of a potential hacker. Before the testing begins we identify the hacking objectives and attacker model, which our experts then imitate.
Stages for Preparation of Penetration Testing
1
Identify Objectives of Penetration Testing
One of the possible objectives is an unwanted action within the system, one which an attacker would likely to take. The most valuable objectives for an attacker are services from which it is easy to extract material benefits, for example, associated with the transfer of money.
2
Choose the Attacker Model
An attacker model can be based on any role, as long as that role has an impact on the security of the tested object. It can be an external anonymous user visiting the corporate website, a customer, an office visitor or an employee, including a system administrator or a middle manager.
3
Choose the Testing Method
There is a black, gray, and white box penetration testing. The difference between them is in regard to the amount of information about the system given to the researcher. This is sugnificant, as the time available for testing is limited. If there's not enough information, our experts have to spend time collecting and analyzing the data.
Testing Methods
Black Box
No information about the system is given to the penetration tester, who has to collect these data on their own.
White Box
The expert can request and then receive any security-related information. It can be a network topology, internal architecture description or information on the security controls being implemented.
Gray Box
This method is a cross between the two methods listed above. The client provides the experts with the agreed set of information.
International Standards Compliance
Some standards require penetration testing as a part of security assessment. For example, PCI DSS Requirement 11.3 requires the perfomance of penetration testing from both inside and outside the payment infrastructure. This includes network and application layer testing.
What you receive
Detailed description of all identified vulnerabilities
Recommendations on elimination of the identified vulnerabilities
Description of the attack vectors and results of their exploitation
Optional presentation for company management
Contact Us
Feel free to contact one of our experts at:
271 A, Prospekt Obukhovskoy Oborony, Saint Petersburg, 192012, Russia