Penetration Testing

 

Network Risk Assessment and Penetration Testing

A penetration test, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders and malicious insiders. Through exploiting the security weakness, a Penetration Test will attempt to gain read/write access to system resources, gain shell access to operating systems and obtain comprehensive access to application and database resources. The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.  Once a device has been compromised, a Penetration Test will look to branch out and gain further access to system resources that reside on DMZ and internal networks.


Logisek Penetration Testing (Pen Testing) Services repond to your business needs.


White Box Testing

White Box testing is a method of testing software that tests internal structures or workings of an application, as opposed to its functionality. In white box testing an internal perspective of the system, as well as programming skills, are used to design test cases. The tester chooses inputs to exercise paths through the code and determine the appropriate outputs. In a White Box test, clients provide us with information about the applications and infrastructure prior to the commencement of the testing engagement. Usernames and passwords are provided to Logisek testing team as part of the engagement, and the client may provide us with access to source code. In this type of testing engagement, Logisek works closely with the client to perform the assessment. These types of tests tend to gain deeper understanding of the application and infrastructure logic, and may generate more comprehensive test results than other penetration testing approaches.

 

Black Box Testing

Black box testing is a method of software testing that tests the functionality of an application as opposed to its internal structures or workings. This method of test can be applied to all levels of software testing: unit, integration, system and acceptance. It typically comprises most if not all testing at higher levels, but can also dominate unit testing as well. In a Black test, the client provides Logisek with no information about their infrastructure other than a URL or even just the company name. Logisek is tasked with penetrating the environment as if they were an external attacker with no information about the infrastructure or application logic that they are testing. Black tests tend to take longer to commission than White tests and may identify less exposures and vulnerabilities than those of White tests.


 

Gray Box Testing

Gray box testing is a combination of white box testing and black box testing. The aim of this testing is to search for the defects if any due to improper structure or improper usage of applications. A Gray test is a blend of Black testing techniques and White testing techniques. In Gray testing, clients provide us with snippets of information to help with the testing procedures. This results in a more focused test than in Black testing as well as a reduced time line for the testing engagement.




We can conduct Penetration Tests from any kind of network connection using the latest Penetration Testing tools and techniques. Some of our more common engagements include testing conducted from the following vantage points:

           Internal Penetration Testing        External Penetration Testing        Vulnerability Assessments        DMZ Penetration Testing       

  Firewalls Penetration Testing       Web Application & Web Services Testing    Databases Penetration Tests       VoIP Penetration Tests      

             Wireless Penetration Tests      VPN Penetration Testing      Source code reviews       Email & DNS Services Security Tests      

                                                             Passwords Strength Tests     Vulnerabilities Exploitation