Technical analysis of the safety level of IT systems and networks. Complete investigation of the hardware / software systems for security vulnerabilities. Simulation of potential attacks from internal and external perpetrators (intranet, internet).
The detection of security vulnerabilities includes the following sub-processes:
Information Gathering/Preparation of the testing (30%)
- Foot-/Fingerprinting: Obtaining information on the entire Hardware-/Software-System (Blackbox, Whitebox)
- Network analysis
Vulnerability Detection and Verification (30%)
- Vulnerability scanning: review of the entire hardware-/software-configuration to leaks and covert security bugs (security configuration) and verification of vulnerabilities
- Analysis of firewall rules
- Review of the encryption in networks (WLAN, LAN, WAN) and on servers
- Exploiting known vulnerabilities
- Development and review of security strategies: password policies, e-mail policies, firewall, server policies, security mechanisms, security policies etc.
- Determination of safety levels
- Presentation: Preparation of progress (fully documented) results, final report of all investigations with a recommendation for action to enhance security levels
- Conclusive documentation with recommendations to enhance security levels
- Supporting the development of preventive security measures to attack defense and prevention of abuse cases and in the development of a cyclical auditing process to increase the resistance value of IT to continuously and sustainably
A summary of the test suite with over 30 tests:
– Code injection (XSS)
– Verify application for CRSS(Cross Site Scripting)
– Cross Site Request Forgery (CSRF)
– Password policies
– Privilege elevation
– Behavior under stress: password, clicking, flooding with data
– Behavior under DDOS
– Database vulnerabilities testing
– Patching level of servers
– Exploitations of RDP
– Brute force password attack
– Insecure Cryptographic Storage
– Failure to Restrict URL Access
and many more.
This activity is done by one of our partners.