Technical analysis of the safety level of IT systems and networks. Complete investigation of the hardware / software systems for security vulnerabilities. Simulation of potential attacks from internal and external perpetrators (intranet, internet).
The detection of security vulnerabilities includes the following sub-processes:
Information Gathering/Preparation of the testing
- Foot-/Fingerprinting: Obtaining information on the entire Hardware-/Software-System (Blackbox, Whitebox)
- Network analysis
Vulnerability Detection and Verification
- Vulnerability scanning: review of the entire hardware-/software-configuration to leaks and covert security bugs (security configuration) and verification of vulnerabilities
- Analysis of firewall rules
- Review of the encryption in networks (WLAN, LAN, WAN) and on servers
- Exploiting known vulnerabilities
- Development and review of security strategies: password policies, e-mail policies, firewall, server policies, security mechanisms, security policies etc.
- Determination of safety levels
- Presentation: Preparation of progress (fully documented) results, final report of all investigations with a recommendation for action to enhance security levels
- Conclusive documentation with recommendations to enhance security levels
- Supporting the development of preventive security measures to attack defense and prevention of abuse cases and in the development of a cyclical auditing process to increase the resistance value of IT to continuously and sustainably
The critical findings will be retested after the customer has released the fixes.
This activity is done by one of our partners.