Penetration Testing

Penetration Testing


Penetration testing also known as pen testing is the process of computer system testing, network device or Web application testing to find vulnerabilities and solve threads.

Penetration testing analyze companies capability to rescue its networks, network devices, web applications, endpoints, cloud storage and users from any attempts to destroyed it’s security controls and protect from unauthorized access.

Penetration testing on a computer system can look for security weaknesses, potentially gaining access to the computer’s features and data, can be performed as an external or internal penetration testing. External pen test is performed remotely and aimed on web-services and/or infrastructure network access. Internal pen test usually performed from the customers network with minimal rights (or without them) to show how the internal violator can gain access to data. Penetration testing shows the actual ways how the infrastructure or services can be hacked and information can leak to outside.

Process - Service Type

  •  External web-service: penetration of web-based application, definition of maximum ways to get data or gain full access to database. Also can be performed a Denial of Service attack.
  • External network penetration testing: penetration of company infrastructure from the Internet. Including firewall, security systems testing and network issues scan.
  • Corporate web-site penetration testing: penetration of company web-site on wellknown web CMS (custom CMS should be priced like External web-service penetration testing). Including gaining access to administrative interface and web-site deface.
  • Internal network penetration testing: gaining access to the corporate databases from the inner network with minimal rights or without rights. Including host and network configuration testing, database testing services, administrative interfaces of network or endpoint devices.