Penetration testing

Penetration testing refers to circumventing the networks and applications of all of the company's services that are publicly available from the Internet, as well as the internal resources that are included in the information security audit.

Penetration testing makes it possible to:

  • determine the actual level of information system security using public (well-known) methods of obtaining unauthorized access and by carrying out the active or passive actions of an attacker;
  • determine the existing threats to normal information system operation and identify existing vulnerabilities;
  • demonstrate the possibility of an outside attacker obtaining unauthorized access to the internal resources of an information system;
  • develop recommendations to improve the external perimeter security of an information system and address the identified vulnerabilities and threats, to prevent breaches of information system security.

Penetration testing includes the following stages:

  • passive collection of information about the customer using the Internet and social engineering methods;
  • external scanning over the Internet to make an inventory of the information resources and services available to an attacker;
  • analysis of the information and identification of existing vulnerabilities;
  • development of a simulated attack scenario;
  • simulation of attacks based on the previously identified vulnerabilities at the network and application levels.

A report on the penetration testing is then developed, which may include the following sections:

  • description of available infrastructure; 
  • list of information obtained from public sources; 
  • description of identified vulnerabilities; 
  • recommendations to address the identified vulnerabilities; 
  • description of the actions taken to exploit the identified vulnerabilities and obtain unauthorized access;
  • results of exploiting the identified vulnerabilities;
  • recommendations to counter the exploitation of each vulnerability.