The scope of work performed as part of penetration tests by a certified "ethical hacker" includes:
An audit aimed at determining what types of threats the client's network and its point of contact with the Internet are vulnerable to. The audit uses techniques and tools used by intruders during various types of attacks (e.g. man-in-the-middle, denial of service, distributed denial of service, IP spoofing, MAC spoofing, ARP poisoning). The purpose of the audit is to find out how people who do not have direct and official access to the infrastructure are able to threaten security or obtain valuable information. Scope of work:
The audit covers issues related to the security of WLAN networks. For example, it takes into account the possibility of eavesdropping on or disrupting wireless network traffic from outside the company's premises, using antennas and devices with greater signal strength than the traditional network cards used in computers. The tests also include checking the security mechanisms used and attempts to break them. Among other things, the strength of the passwords used is checked through attempted dictionary and brute-force attacks. Scope of work:
An audit aimed at determining the types of threats to which operating systems used on servers and workstations are vulnerable. During the audit, tools are used to detect known vulnerabilities and the systems' susceptibility to exploits developed for them. The purpose of the audit is to indicate which patches and software versions should be applied in order to eliminate potential threats. Scope of work:
An audit to determine whether the authentication and data input mechanisms in web applications guarantee security and resistance to specific types of attacks. During the audit, tools are used to test vulnerability to threats such as SQL injection, cross-site scripting and command injection. The scope of the audit covers, among other things, an examination of the main threats defined by the OWASP organization as the Top 10 most dangerous vulnerabilities:
An audit to determine the extent to which the company's employees are susceptible to social engineering attacks. During the audit, controlled attempts are made to obtain confidential information from users or persuade them to perform specific activities that may affect the company's security. The purpose of the audit is to examine the level of users' awareness and their resistance to threats such as phishing. During the audit, specially prepared viruses and Trojans are used. It is recommended to include this audit in the scope of penetration testing (previous point). The scope of social engineering tests: