Penetration Testing
A proactive and authorized attempt to evaluate the security of an IT infrastructure by safely attempting to exploit system vulnerabilities, including OS, service and application flaws, improper configurations, and even risky end-user behavior.
External Penetration Testing:
Review of vulnerabilities that could be exploited by external users without credentials or the appropriate rights to access a system.
Internal Penetration Testing:
Provides protection from internal threats and ensures that internal user privileges cannot be misused.
Application Penetration Testing:
Testing is performed as black-box testing (white-box testing will be a custom module).
Black-box testing involves providing GSS with only the most essential information about the application, such as the URL or address.
Wireless Penetration Testing:
GSS's wireless security testing focuses on enumerating and verifying potential attack vectors and threats to your organization's wireless infrastructure. We evaluate it and provide recommendations for improvement.
Methodology
I. External and Internal Penetration Testing
1. Obtaining information about your Internet-facing assets
2. Security testing to identify vulnerabilities in externally/internally facing systems and applications
3. Optional phase includes exploitation of the underlying vulnerabilities
II. Application Penetration Testing
1. Identifying both common and application-specific vulnerabilities
2. Network and operating system security tests to verify that the underlying platforms are configured securely
3. For role-based systems, testing is conducted across all user roles
III. Wireless Penetration Testing
1. Access point discovery
2. Wireless Penetration Testing
3. Post wireless exploitation