Penetration Testing
Penetration Testing
Penetration Testing
Why Penetration Testing
The main aim of our pen testing is to ensure the protection of your company knowledge from unauthorized access.
In this modern era of digitization, network security and applications play an essential role for companies and organizations. This applies not only to personal data but also to all company-relevant information that is available via the network and on the internet.
Defense mechanisms such as, Firewalls, IDS, IPS are all ad-hoc that are not effective to secure your IT environment or your applications. The Cetbix Penetration Test provides solutions to these and involves scanning for vulnerabilities. During this phase, more emphasis is placed on your IT security and human factors so as to meet your requirements.
Many organizations fail to meet security best practices, and had inadequately protected data storage and transmission, due to the absence of a security intelligence-led approach, lack of policies, and employees’ conduct during the security development process. In many organizations, more emphasis is placed on functionality and speed, which means security has to be left out.
Our Penetration Testing Initiating
We conducted strategical measurements before providing measures of any bug fixing. For these tests, we concentrate on internal network systems and applications. The number of successful penetrations measures the number of potentially dangerous security flaws. That is why we perform as many penetrations as we could. The penetration is then divided into three levels of potential harm: high, medium and low. We further conduct a DoS attack to interrupt services to see how your systems withstand DoS attacks.
To prevent any bias in our validation, we considered attack surfaces and network design/topology, open ports, insecure protocols, multiple users of administrative accounts, low bandwidth, placement of critical systems, firewall rules, and other security mechanisms, such as IDS, IPS, and VPNs. For the application attack surfaces, we considered the number of running services, the number and type of ports the applications listen on, privacy settings, Open Source software, software without security updates, and patch management.
Compatible penetration test modules
Web application pen testing
Web applications can be accessed via various devices and at any location, and this makes them an easy target for cyber crimes. Most of these vulnerabilities are due to programmers error and lack of business workflow, issues with transactional interfaces/APIs, operational commands, monitoring interfaces/APIs, and interfaces with other applications/systems. Other issues are attack vectors, such as SQL injection, DDoS attack, phishing attack, and eavesdropping attack. We also explore password policies and engage in brute-force attacks against Telnet and FTP servers. Due to the increasing use of social networking sites, we verify organizations’ security through social engineering. This is where the human factor plays a major role since part of our penetration testing is to capitalize on the weakness of organizations’ employees. At the end of a web application penetration test, the security level is classified and measures to close any security gaps are proposed.
Infrastructure /SS7 Vulnerability
The aim of an infrastructure penetration test is to identify and evaluate existing risks posed by organization insiders and these need to be addressed to propose measures to eliminate these risks. The targets of Internet criminals are not only limited to external intruders but most of the time, the employees. We considered network design/topology, open ports, insecure protocols, multiple users of administrative accounts, low bandwidth, placement of critical systems, firewall rules, and other security mechanisms, such as IDS, IPS, and VPNs. The SS7 vulnerability is real and allows a hacker to forward calls, record calls, send text messages, read text messages, track the user's location, and steal data. Anyone using a mobile phone could be vulnerable. Many countries use this approach as a law enforcement approach in their surveillance. Cetbix Technology's security sector has several measures in place to address these issues.
WLAN/PCI-DSS
Your W-LAN can still be reached far beyond the boundaries of your company premises and thus offers a particularly broad field of attack. A single running access point that has been forgotten in a cabinet runs with an outdated, vulnerable firmware version. A poorly configured guest W-LAN or a rogue access point created by an employee can be the incentive gateway to your intranet for attackers. Customers such as notebooks and mobile phones connect in good faith to the WIFIs used by attackers and reveal their secrets. The Cetbix penetration test aims to detect existing risks and finally gives recommendations for action to eliminate any weak points. Both the access point and WLAN devices such as notebooks and mobile phones are examined. In addition to the cryptographic procedures, the configurations of terminal devices are also checked.
The findings
The findings of the report of the penetration test in detail can be uploaded to the Cetbix ISMS to provide a risk assessment of the identified vulnerabilities. The Cetbix ISMS does not only provide a risk assessment of the identified vulnerabilities but provides concrete tips on how to close them.
Cetbix Penetration Testing procedure
Information Gathering
Our first step is to gather information to gain an understanding of the application from an outsiders perspective. Here, we validate ownership of a target such as whois the target domains or host and automate many DNS enumerations. Most of the time, results during this phase are mixed results depending on whether or not the target is using whois privacy protection.
We test Zone TransfersPermalink.
Zone transfers are a DNS transaction used to replicate records between DNS servers. Even though the DNS server is legacy technology, but some organizations still use it even without their knowledge. The main aim of the zone transfer is to enable us to get access to all of the records of the domain or host.
DNS Zone Transfer Attacks are much easy to prevent by simply whitelisting zone transfers to a select group of IP addresses.
OSINT Harvesting
One other method is our OSINT Harvesting whereby we gather e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources.
Mapping
The mapping phase enables us to gain a broader understanding of the application from a user perspective. This where we scan TCP/IP host with our tools that have OS fingerprinting capabilities. This phase marks the transition from our information gathering to mapping.
We also engage in a manual enumeration of your web application by visiting every page and links. Automated Mapping enables us to find additional pages that we normally wouldn’t find during the manual enumeration. This initiation allows us to gain a better understanding of the application from the attacker's point of view.
Other technologies we do are as follows identify technologies, port scanning, service fingerprinting, OS detection, browser and interception proxy, Post-Mapping Analysis.
Discovery
This is the phase with the goal of discovery and the understanding of the applications from an attackers perspective.
Testing Web Services
Web services are technologies used by every organization today, but they should be tested to prevent any malicious activities.
Exploitation
After we have gone through all the above points, we then engage in exploitation. In an engagement, the objective of exploitation is to leverage the vulnerabilities found during discovery and measure how deep they go and hazard that they pose.