The main objective of the Penetration Testing is to provide a reliable indication of the current information security level. The identification of the main risks and threats at the application, infrastructures and network levels is our main resource for organizations’ information security level estimation.
See–Secure provides the following penetration tests:
Application Penetration Testing
Under the scope of the evaluation, the following elements will be assessed from a security perspective and the following elements, controls, mechanisms and security related features will be evaluated.
Business Validation Checks:
- Data Access Layer Protection & Data Validation:
- Session Management
- Authentication Mechanisms:
- Authorization Mechanism:
- Memory Corruption and DoS
- Combined Attacks and Attack Scenarios
Infrastructure Penetration Testing
Under the scope of the evaluation, the following elements will be addressed, from a security perspective and will address the following the system’s elements:
- Bypassing detection mechanisms
- Attacking password management mechanisms.
- Attempts to switch between different systems users.
- Check the system’s information leakage as a result of various attacks on the system.
- Checking the existence of system backdoors (intentional and unintentional).
- Integrity checking the mechanisms to address unpredictable system errors and dealing with unexpected situations.
- Checking the security mechanisms in transit of sensitive information between servers and during storage, and use of cryptographic mechanisms
- Exploiting the system’s documentation and monitoring mechanisms. The test will also include the protection and man agement mechanisms for access to the database.
- Use automatic / manual tools to scan and find system vulnerabilities.