Penetration Testing
The main objective of penetration testing is to provide a reliable indication of the current information security level. Identifying the main risks and threats at the application, infrastructure and network levels is our main resource for estimating an organization's information security level.
See – Secure provides the following penetration tests:
Application Penetration Testing:
Under the scope of the evaluation, the following elements, controls, mechanisms and security-related features will be assessed from a security perspective:
- Business Validation Checks
- Data Access Layer Protection & Data Validation
- Session Management
- Authentication Mechanisms
- Authorization Mechanism
- Memory Corruption and DoS
- Combined Attacks and Attack Scenarios
Infrastructure Penetration Testing:
Under the scope of the evaluation, the following elements of the system will be addressed from a security perspective:
- Bypassing detection mechanisms.
- Attacking password management mechanisms.
- Attempts to switch between different system users.
- Checking the system's information leakage as a result of various attacks on the system.
- Checking for the existence of system backdoors (intentional and unintentional).
- Checking the integrity of the mechanisms that handle unpredictable system errors and unexpected situations.
- Checking the security mechanisms for sensitive information in transit between servers and during storage, and the use of cryptographic mechanisms.
- Exploiting the system's documentation and monitoring mechanisms. The test will also include the protection and management mechanisms for access to the database.
- Using automatic / manual tools to scan for and find system vulnerabilities.
- Utilizing a set of tests on the servers in order to draw information and get CLI access.
- Exploiting deficiencies that were found during the test in order to gain full access to the server.
Device configuration review:
The configuration review inspects specific devices, their configuration and any misconfiguration from a security point of view. Some of the reviewed topics include:
Code Review:
Risk Determination & Reporting
The report provides a list of design and code-level security vulnerabilities, categorized according to the severity of the finding, as well as remedial steps for improving the overall development process.