Penetration Testing

Penetration testing probes the target host or network to discover security vulnerabilities, known software bugs, configuration problems and unnecessary network services, and to gather sensitive information.

In addition to the scope of our Vulnerability Scanning service, our Penetration Testing includes:
  • Exploiting the vulnerabilities identified in Vulnerability Scanning
  • Real attacks and intrusion attempts (if appropriate)
  • Identifying the real impacts
  • Eliminating “false positives”

With false positives eliminated, the results are more accurate than those of Vulnerability Scanning. We can also provide several variations of testing, which include:
  • On-site tests on servers in internal networks or DMZ servers, e.g. DNS, web servers, database servers and proxy servers
  • Remote testing on specific IP addresses over the Internet via the external firewall
  • Tests on network components, e.g. firewalls, routers and load-balancing devices

Our testing methodology consists of the following phases, all of which are included in our Penetration Testing services:

1. Reconnaissance Phase (Pre-Assessment)
  • Network Surveying
  • Port Scanning
  • Services Probing
  • Fingerprinting
2. Attack and Intrusion Phase (Assessment)
  • Vulnerability Scanning
  • Research and Verification
  • Denial of Service (DoS) Assessments (Optional)
3. Resolution & Reporting Phase (Post Assessment)
  • Findings Analysis
  • Findings Report (Deliverable)
 

Denial-of-Service (DoS) Testing

DoS checks can be included in your Penetration Testing. However, since some DoS checks may bring down the target hosts, certain destructive DoS checks on main network components (e.g. routers) will only be conducted in a controlled environment with special arrangements.