Penetration Testing (pentest)
A series of advanced vulnerability exploitation simulations, conducted mainly manually by external security specialists onsite and providing a deeper insight into security. Penetration Testing is a more thorough targeted security assessment with the intention to check overall security posture of the software, “penetrate” a site, service or internal network, or certain security controls, taking up to 2-4 weeks.
Penetration Testing Services can be tuned in complexity to Vulnerability Assessment or extended to Red Teaming. Each type of pentesting services offers a variety of benefits and answers a specific purpose depending on particular business needs, the complexity of infrastructure, project budget, etc.
- Vulnerability Assessment
A basic automated scanning and analysis to find most security issues and vulnerabilities and suggest remediation measures, usually taking less than 1 week.
- Red Teaming (Simulated Targeted Attacks)
The most advanced targeted pentest with the aim to achieve particular objectives. Before the start, the customer (with or without our help) defines the most valuable assets in terms of confidentiality, integrity, availability or other security-related business requirements. After the pentest limitations and conditions are defined, Infopulse develops secure pentest scenarios and test cases and dynamically adjusts them during the pentest. Commonly, Red Teaming methodology requires the approval of the complex simulated activities, such as covert visibility, social engineering and a mix of cyber-physical attacks. This project may take up to 3-5 weeks.
Methods and Activities We Use During Pentests
Our approach to pen testing includes comprehensive planning, develop attack vectors and scenarios, and define dozens of test parameters. Our consultants perform automated and manual Black-, Grey- and White-box testing. The scope of work provided includes: vulnerability analysis; traffic interception and analysis; all kinds of network and local attacks and manipulations; RAM analysis; password brute force tests; reverse engineering (including disassembling, decompilation, debugging) of applications, data, electronic systems; social engineering and other methods. We develop and use exploits, do post-exploitation and produce very detailed reports with executive summaries.
Selected Penetration Testing Services
Whether your company needs the full-scale network and infrastructure manual penetration testing, or a quick scanning of selected systems, Infopulse is your business partner of choice. Pen testing can be adjusted to suit your specific requirements or situation and focus on particular domains of your company’s application security, business infrastructure, and staff.
- Web services and web application penetration tests;
- Network perimeter, DMZ, wireless network penetration tests;
- Penetrating a client-server system, desktop, or mobile application;
- Assessment of resistance to multi-layered attacks;
- Social engineering penetration testing;
- Password policies security assessment;
- Industrial IT environment penetration test (Industrie 4.0, SCADA, etc.);
- Insider penetration test;
- Assessment of Anti-DDoS solution efficiency;
- Web application stress test and others;
- Checking your employees’ response in case of security incidents.
- Physical security system penetration tests.