Penetration Test
Positioning: intensive technical security testing
from the perspective of an attacker with the skill level of a hacker/cracker.
A penetration test is a realistic, simulated
hacker attack. It involves a much higher degree of manual work than
a security scan, with
the testers putting themselves in the position of a hacker. Our
security consultants use the latest methods and tricks that are
also used by 'real' hackers and crackers. A penetration test
also uses more tools and the report contains proposals for technical
and organizational measures.
The main difference
between a penetration test and ethical
hacking is that in a penetration test the test object
is penetrated but not modified (e.g. by changing the configuration
or the data in the database or by introducing viruses or trojans).
The results are presented in a comprehensive final report of
around 40-60 A4 pages (excluding tool-generated reports and raw
data) that is tailored to the target group and is OSSTMM
compliant. A separate document containing the completed OSSTMM forms
is also supplied. All the tool-generated reports and raw data, the
dump files (recorded network traffic), and the action log (record
of all actions performed by the tester) are supplied on a data storage
medium.
OneConsult GmbH is an ISECOM
Licensed Auditor (ILA), Gold Level, and our security consultants
are ISECOM certified in various areas of expertise (OPST = OSSTMM
Professional Security Tester, OPSA = OSSTMM Professional Security
Analyst, OSSTMM-Trainer), guaranteeing that the tests will be thorough
and professional and that documentation of the results will be informative
and comprehensive.
We offer penetration tests for individual
applications or systems (as a complement to the application
security audit) as well as wired (e.g. Internet, DMZ and
LAN/WAN) and wireless networks (e.g. WLAN, Bluetooth, GPRS or infrared).
Procedure

Modular expansions
The following options can be ordered
as supplementary modules to the penetration test:
- Extended information gathering
- Social engineering (exploitation of human weaknesses)
- Footprinting (web research)
- Dumpster diving (rummaging through the trash)
- Audit of firewall ruleset
- VPN (deep inspection: sniffing, traffic analysis, aggressive
mode forcing, PSK brute forcing)
- Denial-of-service tests
- Protocol tunneling test (tests sensitivity
to 'covert channel'/'inside-out' attacks; approach based on a
test trojan: use of OneConsult®
Pandora PRO)
- Ethical hacking (hacking to order)
- System audit (OS and OS-near services: configuration and password strength)
- War dialing (dial-up remote access systems)
- War driving (wireless networks)
- Software reverse engineering
- System hardening
- Discussion of final report
- Project presentation (incl. discussion of final report)
To optimize the cost/benefit ratio, we recommend
combining the strengths of the various test types.
If you're interested in OneConsult and
you'd like a no-obligation consultation or more information, please
contact us.