Penetration Testing
Penetration testing is performed to probe the target host/network to discover security vulnerabilities, known software bugs, configuration problems, unnecessary network services and to gather sensitive information.
In addition to the scope of our Vulnerability Scanning service, our Penetration Testing includes:
- Exploiting the vulnerabilities identified in Vulnerability Scanning
- Real attacks and intrusion attempts (if appropriate)
- Identifying the real impacts
- Eliminating “false positives”
With the elimination of false positives, the results are more accurate than those of Vulnerability Scanning. We are also able to provide several variations of testing, which include:
- On-site tests on servers in internal networks or DMZ servers, e.g. DNS, web servers, database servers and proxy servers
- Remote testing on specific IP addresses over the Internet via the external firewall
- Tests on network components, e.g. firewalls, routers, load-balancing devices, etc.
The following phases make up our testing methodology and are included in our Penetration Testing services:
1. Reconnaissance Phase (Pre-Assessment)
   - Network Surveying
   - Port Scanning
   - Services Probing
2. Attack and Intrusion Phase (Assessment)
   - Vulnerability Scanning
   - Research and Verification
   - Denial of Service (DoS) Assessments (Optional)
3. Resolution & Reporting Phase (Post Assessment)
   - Findings Analysis
   - Findings Report (Deliverable)
Denial-of-Service (DoS) Testing
DoS checks can be included in your Penetration Testing. However, since some DoS checks may bring down the target hosts, certain destructive DoS checks on main network components (e.g. routers) will only be conducted in a controlled environment with special arrangements.