

Penetration test

What is a Penetration Test?

A penetration test is a method of security assessment that helps to objectively estimate the chances of unauthorized access to your corporate network resources and site, and to understand the attack vectors and vulnerabilities an attacker may use. A penetration test simulates the actions of an attacker trying to penetrate your information system. It thus helps to reveal security threats and vulnerabilities in your network by performing various attacks the way a real malicious attacker would.

How is a penetration test performed?

A penetration test can be performed in slightly different ways depending on certain conditions. The main conditions are the level of the penetration tester's knowledge about the system under test (black box or white box methods) and the level of the client's knowledge about the penetration test (stealth or open methods). For example, if information security managers are the only ones aware of the penetration test, it becomes possible to check not only the security level of the information system but also the responsiveness of information security and IT experts. In that case the main goal is to operate exactly as an attacker would and act as stealthily as possible, leaving no traces. On the other hand, if information security and IT experts know about the penetration test, the main idea is to detect as many vulnerabilities as possible and evaluate the chances of penetrating the system. The key advantage of active assessment is the opportunity to find security issues by means of a simulated attack, using the same techniques a malicious user (hacker) would use. This allows the security level of your information system to be evaluated objectively.

The common targets for a penetration test are:

  • Operating systems;
  • Web applications;
  • Network equipment;
  • Wireless networks;
  • Database Management Systems;
  • Enterprise level systems (such as ERP);
  • Personnel (social engineering).

Penetration tests by Digital Security are performed by a team of high-class auditors. Various tools, such as scanners, are used only during the preparation stage, since they only help in trivial cases when vulnerabilities are obvious and easy to find. Throughout the test, auditors perform a complete analysis of all components of the audited objects, choose appropriate attack scenarios and, in specific cases, may develop unique software to penetrate the information system.

Result

The detailed penetration testing report contains a detailed description of the work done, all detected threats, vulnerabilities and their exploitation techniques. It also contains relevant recommendations on how to eliminate the detected vulnerabilities and how to increase the security level of your information system.

Please contact us at services@dsecrg.com





© 2002—2012, ERPScan
A link is obligatory when quoting or using materials from this site

+44 (20) 81334493    e-mail: research@dsecrg.com