Penetration Testing

Technical analysis of the security level of IT systems and networks. Complete investigation of the hardware/software systems for security vulnerabilities. Simulation of potential attacks by internal and external perpetrators (intranet, internet).

The detection of security vulnerabilities includes the following sub-processes:

Information Gathering/Preparation of the testing (30%)

  • Footprinting/fingerprinting: obtaining information on the entire hardware/software system (black box, white box)
  • Network analysis

Vulnerability Detection and Verification (30%)

  • Vulnerability scanning: review of the entire hardware/software configuration for leaks and hidden security bugs (security configuration), and verification of vulnerabilities
  • Analysis of firewall rules
  • Review of the encryption in networks (WLAN, LAN, WAN) and on servers
  • Exploiting known vulnerabilities

Reporting (40%)

  • Development and review of security strategies: password policies, e-mail policies, firewall, server policies, security mechanisms, security policies, etc.
  • Determination of security levels
  • Presentation: preparation of fully documented progress results and a final report of all investigations, with recommended actions to enhance security levels
  • Conclusive documentation with recommendations to enhance security levels
  • Support in developing preventive security measures for attack defense and abuse prevention, and in developing a cyclical auditing process to increase the resilience of IT continuously and sustainably

A summary of the test suite with over 30 tests:

– Code injection (XSS)
– Verify application for XSS (Cross Site Scripting)
– Cross Site Request Forgery (CSRF)
– Password policies
– Cookies
– Sessions
– Privilege elevation
– Behavior under stress: password, clicking, flooding with data
– Behavior under DDoS
– Database vulnerabilities testing
– Patching level of servers
– Exploitation of RDP
– Brute force password attack
– Insecure Cryptographic Storage
– Failure to Restrict URL Access

and many more.

This activity is done by one of our partners.