Penetration Testing – isec

Service Overview

Besides uncovering vulnerabilities, penetration testing can be used to test an organization’s policies and its regulatory compliance, as well as employees’ awareness and their ability to respond efficiently to security incidents.

To ensure proper functioning of information systems, organizations should perform penetration tests on a regular basis, in particular where:

  • new threats are discovered;
  • changes are made to IT infrastructure;
  • new network or application infrastructures are implemented;
  • new software is installed or a system is updated.

isec is prepared to perform penetration testing on your organization’s systems, applications and networks.

The methodology used by our pentesters has been developed in-house based on standards and guidelines issued by NIST, OSSTM, OWASP, OISSG and ISACA.

Penetration testing, also known as Ethical Hacking, can be approached through different strategies:

BlackBox Pentest – scanning and assessing systems, networks and applications without any prior knowledge of them, to simulate a realistic attacker from outside the organization, who would collect the necessary information from public sources;

WhiteBox Pentest – scanning and assessing systems, networks and applications with all the necessary knowledge about them (details about infrastructure, IP addresses, protocols etc.);

GreyBox Pentest – scanning and assessing systems, networks and applications with only part of the necessary knowledge. This type of scenario simulates an internal attacker, such as an unprivileged user who attempts to gain privileged access.

At your request, our pentesters could even use exploitation techniques such as phishing, social engineering, cross-site scripting, SQL injection or malware attacks, to test your organization’s resilience and readiness to face a real attack.

Penetration Testing Report – includes the executive summary (containing the project’s scope and objectives, limitations and rules of engagement), a detailed description of the findings accompanied by risk classification, severity and probability, as well as recommended countermeasures for remediation or improvement.

  • Identify exploitable vulnerabilities and get access to remediation measures that will defend your organization against cyber-attacks.
  • Penetration testing supports compliance with different standards and regulations and demonstrates your security commitment to internal and external stakeholders, while protecting your business reputation.