Penetration testing, also referred to as pen testing, is a simulated real world attack on a network, application, or system that identifies vulnerabilities and weaknesses. Penetration tests (pen tests) are part of an industry recognised approach to identifying and quantifying risk.
They actively attempt to ‘exploit’ vulnerabilities and exposures in a company’s infrastructure, applications, people and processes. Through exploitation, Spypro Security Solutions is able to provide context around the vulnerability, impact, threat and the likelihood of a breach in an information asset.
It is frequently possible for a pen tester to gain remote access to operating systems, application logic and database records. Through active exploitation of direct and interconnected systems, Spypro Security Solutions can provide strategic guidance on risk and tailored advice on counter measures.
With hackers constantly finding new exploits, the cybersecurity threats constantly evolve. It’s recommended that every organization does penetration testing at least once a year, but more frequently when:
NETWORK PENETRATION TESTING (INTERNAL AND EXTERNAL)
Internal Penetration Testing is an authorised internal hacking attempt aimed at identifying and exploiting vulnerabilities within an organisation’s perimeter defences.
Testers are typically given onsite access through an Ethernet cable (similar to the way employees or contractors could connect to an internal environment). They then attempt to escalate privileges and gain access to critical information.
For certain environments, such as data centres, we can supply specific jump posts that we use to test remotely via your organisation’s VPN access.
Benefits of Internal Penetration Testing:
External Penetration Test is an authorised hacking attempt against an organisation’s internet facing servers such as web and email servers and ecommerce sites.
This test is aimed at hardening the external facing network against attackers attempting to compromise vulnerable hosts from outside an organisation’s perimeter.
Benefits of External Penetration Testing:
WEB APPLICATION PENETRATION TESTING
A web application penetration test aims to identify security issues resulting from insecure development practices in the design, coding and publishing of software or a website.
A web applications test will generally include:
The vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. These can then be resolved in line with the application owner’s budget and risk appetite, inducing a proportionate response to cyber risks.
THICK CLIENT PENETRATION TESTING
A thick client, also known as Fat Client is a client in client–server architecture or network and typically provides rich functionality, independent of the server. In these types of applications, the major processing is done at the client side and involves only aperiodic connection to the server.
The most common thick clients are the three tiers where the applications talks to the application server via communication protocol such as HTTP/HTTPS.
Application security assessments of web applications are comparatively easier than thick client application, as these are web based applications which can be intercepted easily and major processing takes place at the server side.
Since the thick client applications include both local and server side processing, it requires a different approach for security assessment. The type of web based vulnerabilities such as Cross Side Scripting and Clickjacking Attacks which are browser based vulnerabilities are no more applicable.
The critical vulnerabilities faced by thick client application such as sensitive data storage on files and registries, DLL, Process and File injection, Memory & Network Analysis are sample techniques utilized by Condition Zebra’s consultants in assessing thick client’s vulnerabilities.
WIRELESS PENETRATION TESTING
A Wireless Penetration test is an authorised hacking attempt, which is designed to detect and exploit vulnerabilities in security controls employed by a number of wireless technologies and standards, misconfigured access points, and weak security protocols.
Benefits of Internal Penetration Testing:
DATABASE PENETRATION TESTING
Database Vulnerability Assessments are integral to a systematic and proactive approach to database security. This form of penetration testing reduces the risk associated with both web- and database-specific attacks, and is often required for compliance with relevant standards, laws & regulations.
Benefits of Database Penetration Testing:
A host assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.
Benefits of Host Assessment:
Identify known security exposures before attackers find them.
Create an inventory of all the devices on the network, including purpose and system information. This also includes vulnerabilities associated with a specific device.
Create an inventory of all devices in the enterprise to help with the planning of upgrades and future assessments.
Define the level of risk that exists on the network.
Establish a business risk/benefit curve and optimize security investments
MOBILE APPS PENETRATION TESTING
A Mobile Application Penetration Test is an authorised and simulated hacking attempt against a native mobile application such as Android, Windows, and iOS. The purpose of this test is to identify and exploit vulnerabilities in an application, and the way it interacts and transfers data with the backend systems.