Penetration Test
Positioning: intensive technical, unprivileged security audit from the perspective of an attacker with the skill level of a hacker/cracker.
A penetration test is a realistic, simulated hacker attack. It involves a much higher degree of manual work than a security scan, with the testers putting themselves in the position of a hacker. Our security consultants use the latest methods and tricks that are also used by 'real' hackers and crackers. The report of a penetration test contains proposals for technical and organizational measures.
The main differences between a penetration test and ethical
hacking are that in a penetration test the testers are looking for all vulnerabilities and the test object
is penetrated but not modified (e.g. by changing the configuration
or the data in the database or by introducing viruses or trojans). The detailed feature table shows the characteristics of the various technical test types offered by OneConsult.
Procedure

The client defines the information level parameters of both parties (testers and administrators/users of the systems in scope):
| Black Box | The testers have no prior knowledge of the systems to be tested. The objective is to assess the information leak. |
| White Box | The testers obtain complete and detailed information about the systems to be audited. The objective is to simulate an attack with insider information. |
| Gray Box | The testers obtain partial information about the systems. The objective is close to that of the black box approach, but this approach speeds up the audit by avoiding wasting precious project time. |
The results are presented in the form of a comprehensive final report of around 40-60 A4 pages (excluding tool-generated reports and raw data) that is tailored to the target group and, as an option, OSSTMM compliant. All the tool-generated reports and raw data, the dump files (recorded network traffic), and the action log (record of all actions performed by the tester) are supplied on a data storage medium.
OneConsult GmbH is an ISECOM Licensed Auditor (ILA), Platinum Level, and an ISECOM Partner (Accredited Trainer), and our security consultants are ISECOM certified in various areas of expertise (OPST = OSSTMM Professional Security Tester, OPSA = OSSTMM Professional Security Analyst, OSSTMM-Trainer), guaranteeing that the tests will be thorough and professional and that documentation of the results will be informative and comprehensive.
We offer penetration tests for individual
applications or systems (as a complement to the application
security audit) as well as wired (e.g. Internet, DMZ and
LAN/WAN) and wireless networks (e.g. WLAN, Bluetooth, GSM/UMTS or infrared).
Modular expansions
The basic module penetration test can be extended with several optional supplementary modules.
If you're interested in OneConsult and
you'd like a no-obligation consultation or more information, please
contact us.