Penetration Test
CipherTronix's pen testing service tests the security of your IT systems by identifying and exploiting their weaknesses according to an approved plan. We profile your organization by looking at your business processes, information flows and the technology that supports your operations. This allows us to determine the resilience of your environment to malicious attempts to penetrate your systems.
Pen Test Methodology
CipherTronix has a documented, tried and tested, penetration testing methodology based on industry best practices such as the OSSTMM (Open Source Security Testing Methodology Manual). This ensures that you receive quality results and minimizes the risk to your systems under test.

- Scoping - Finalize the scope of the target network environment: what has to be tested and how it should be tested, what conditions apply during the test, the limitations of the test, how long it will take to complete, and what business objectives will be achieved.
- Information gathering (reconnaissance) - Use publicly available resources to learn more about the target.
- Target discovery - Identify the target's network status, operating system and relative network architecture. This helps in enumerating the various services running over the network.
- Enumerating target - This phase finds the open ports on the target systems. Once the open ports have been identified, they can be enumerated for the running services.
- Vulnerability mapping - Identify and analyze the vulnerabilities based on the disclosed ports and services.
- Social engineering (optional) - When there is no open gate available for an auditor to enter the target network, it is still possible to penetrate the target system through a human attack vector, by tricking a user into executing malicious code that should give the auditor backdoor access.
- Target exploitation - After examining the discovered vulnerabilities, penetrate the target system based on the types of exploits available.
- Privilege escalation - Once the target is acquired, an auditor can move freely within the system depending on their access privileges. These privileges can be escalated using exploits in this phase.
- Maintaining access - Sometimes the scope mandates retaining access to the system for a specified time period. This can be used to demonstrate illegitimate access to the system without going through the pen testing process again.
- Documentation and reporting - Documenting, reporting, and presenting the vulnerabilities found, verified, and exploited concludes our penetration testing cycle.
Commonly Tested Areas Are:

- Off-the-shelf products (operating systems, applications, databases, networking equipment etc.)
- Systems in hostile environments (websites, ecommerce etc.)
- Bespoke development (dynamic web sites, in-house applications etc.)
- Telephony (war-dialling, remote access etc.)
- Wireless (Wi-Fi, Bluetooth, IR, GSM, war driving etc.)
- Personnel (screening process, social engineering etc.)
- Physical (access controls, dumpster diving etc.)
Why do you need a Pen Test?
Pen Tests are a critical requirement for meeting regulations such as PCI DSS, SOX, and HIPAA and industry standards such as ISO 17799 and ISO 27001, and are important security tests that an organization must regularly undertake.
Pen Test Tools
Our team uses many tools similar to those used by attackers on the internet, in conjunction with commercial and best-of-breed open source penetration tools. Keeping up to date with the latest security vulnerabilities, trends and hacking techniques is the core objective of our team.
Reporting
We produce a comprehensive report covering our approach, the applied techniques, the vulnerabilities identified and recommendations to ensure that your systems are secure against future attack.
Pen Test Scenarios

Our team can perform a range of assessments that simulate individuals with varying degrees of knowledge of, and access to, your systems.
- External Pen Test – Simulate intruders on the Internet with limited knowledge
- Internal Pen Test – Simulate disgruntled or careless employees or contractors with legitimate access to the corporate network
- Extranet Pen Test – Simulate business partners who are part of the corporate Extranet
- Remote access Pen Test – Simulate intruders from known and unknown remote access entry points
Our Ethics
The ethical vision of security testing constitutes rules of engagement that have to be followed by an auditor to present professional, ethical, and authorized practices. These rules define how the testing services should be offered, how the testing should be performed, determine the legal contracts and negotiations, define the scope of testing, prepare the test plan, follow the test process, and manage a consistent reporting structure. At CipherTronix we practice these guidelines to the last letter.







