Penetration tests

Penetration tests are controlled attempts to break through the Client’s security system. This security verification method assumes close imitation of activities that could be carried out by potential intruders.

Penetration tests are aimed at verifying the security level of the analysed object through empirical research. This research method is based on defining an object’s security level from an intruder’s point of view. Looking at the security system ‘from an intruder’s point of view’ constitutes the most important assumption behind penetration tests. This has an impact on the way the testing team functions, on how tools are selected and even on the place from which specialist conduct their activities and on the set of initial rights.

Methodology

A penetration test constitutes a simulation in breaking into the network (more generally, into the analysed object). Methods and tools applied by the testing team should correspond to the methods and tools applied by potential intruders.

At the beginning, the testing team has only information gathered at the planning stage. In ‘black-box’ tests the team does not have any other information except for IP addresses or the Client’s name. The aim of the test is to obtain as much information as possible on the tested object, and if possible, to break trough security controls. In other words, the task is to penetrate the object.

Penetration of an IT system is an iterative process. The aim of each step is to gain more and more information on the tested object. Data collected in earlier stages are used as input data during subsequent stages. It is worth stressing that such tests allow not only to answer the question on what threats exists in the analysed installation but also to verify how much information on the object can be obtained by an intruder.Penetration test - stages

General procedure for penetration tests which we follow is presented below:

  1. Planning
  2. Searching for vulnerabilities
  3. Verification of vulnerabilities
  4. Obliteration of traces
  5. Reporting

REPORT

The result of conducted security analysis will be a detailed report consisting of:

  • Executive Summary
  • List of performed actions
  • List of detected vulnerabilities with detailed commentary and recommendations for removing them.

Related services

Networks and servers

Do you have any questions? contact us

Contact us:

phone: +48 12 425 25 75, fax.: +48 12 425 25 93

info@securing.pl

Clients, that trust us

We have conducted security tests, assessments and audits for many Clients, including banks, insurance institutions and public administration.

Our references