Infrastructure Security Testing
Applications, whether they are using web, mobile, API or proprietary protocols, require infrastructure to be reachable by external or internal clients. Infrastructure security starts from the very beginning – when choosing a software version to deploy or when deciding on the authentication credentials. Even a secure setup may become insecure over time, when there is no process for regular updates. The purpose of security tests is to determine current level of security, recommend mitigations, and suggest processes that will help avoid similar issues in the future.
In order to help you properly secure your infrastructure environment, as well as the stored data, we offer the following services:
1. External and internal penetration tests
2. Cloud infrastructure penetration tests
An external penetration test focuses on determining an external attack surface – public DNS configuration, all hosts exposed to the internet, and services published on those servers.
Internal penetration test answers the following question:
Who can get access to our internal network and what can go wrong if he does?
It includes attacks on Network Access Control (NAC) mechanisms, identifying vulnerabilities in internal services, scenarios of workstations infected with malware, and AD environment privilege escalation.
Cloud infrastructure penetration tests include all major players in the cloud service industry such as Amazon Web Services, Microsoft Azure, Google Cloud Platform, and OpenStack. It is similar to external penetration tests, however it includes provisioning and management mechanisms specific to cloud environments.
In addition, we are one of the few who are able to perform macOS infrastructure tests.
If you are interested in an infrastructure test pricing, please fill out our contact form. Our security specialist will get back to you with a reply.