logo

Select Sidearea

Populate the sidearea with useful widgets. It’s simple to add images, categories, latest post, social media icon links, tag clouds, and more.
[email protected]
+1234567890
 

Penetration Testing

Overview

What is Penetration Testing?

Penetration testing, also known as pentest or pentesting, describes the assessment of computer networks, systems, and applications to identify and address security weaknesses.

 

By conducting a comprehensive security review of your organization ecosystem regularly, you ensure that your organization is protected and your data integrity intact. Our range of penetration testing engagements help organizations to effectively manage cyber security risk by identifying, safely exploiting, and helping to remediate vulnerabilities that could otherwise lead to data and assets being compromised by malicious attackers.

Types of Penetration Testing

External or Internal IT Infrastructure

Technical Security Assessment of your public internet-facing or internal networks, systems, and services to identify points of entry, detect security flaws and poor network configuration and exploit vulnerabilities in your infrastructure, by using automated and manual approaches.

 

By conducting a comprehensive review of your network regularly you ensure that your systems are protected and the integrity of both your company’s and clients’ data intact.

 

Our approach is governed by international security testing standards and methodologies in order to assure that all international security best-practices have been followed.

OT Infrastructure

Uncover critical issues in your Industrial Control Systems (ICS), Supervisory control and data acquisition (SCADA) infrastructure, cargo control systems, control applications and PLC/RTU automation devices and interfaces.

 

Evaluate the security level of your workstations and/or critical systems security configuration and identify your infrastructure’s security status and exposure.

 

Manual exploitation, international security standards and methodologies will be applied to assure you that all international security best-practices have been followed.

VoIP

Stress test, as well as automatically and manually evaluation of the security status of your VoIP systems, will be performed, according to the international security testing standards and methodologies.

Vulnerability Assessment

Business growth, digitalization and the evolving threat landscape create constant security challenges for your organization. Logisek’s Vulnerability Assessment service helps you to respond by identifying, classifying and addressing security risks and providing the ongoing support and guidance to best mitigate them.

Web, Mobile & Desktop Applications Source Code Review

An in-depth automated (SAST and DAST) and manual analysis of your application’s code developed in Golang, JAVA, C#, C++, C, Python and PHP languages using static code analysis methods and problems identification within the code, to uncover security vulnerabilities.

Web, Mobile and Desktop Applications

Technical Security evaluation of the security level of your applications, web services, APIs, and your websites by using automated and manual approaches. Identify any weaknesses and security flaws and receive appropriate mitigation recommendations.

 

Perform a wide range of customized security assessment tests to early identify, and enumerate any potential threats, weaknesses, and vulnerabilities in your web, think client, and mobile applications with manual, expert penetration testing governed by international security testing standards, methodologies, and international security best-practices.

 

Web applications play a vital role in business success and are an attractive target for cybercriminals.

IoT Devices

Connected devices are often insecure and provide a way in for the attackers. Internet-aware devices span from commercial Internet of Things (IoT) devices and systems to automotive, healthcare and mission critical Industrial Control Systems (ICS).

 

Evaluate the security level of your entire ecosystem beyond a basic device testing by covering areas such as communications channels and protocols, encryption and cryptography use, interfaces and APIs, firmware, hardware, and other critical areas.

 

Manual security testing and analysis methodologies will discover both known and previously undiscovered vulnerabilities. All of our tests are governed by international security testing standards and testing methodologies in order to assure that all international security best-practices have been followed.

Segmentation Testing

Verify that your PCI network segments is isolated from your cardholder data environment (CDE) perimeter network segments. Identify any outbound connectivity from your CDE network to the out-of-scope PCI network segments. Scan all TCP and UDP ports from the PCI out-of-scope network segments and vice versa. All segmentation technology in use, such as firewalls, VLAN ACLs, router ACLs will be tested. Exclude any possibility of VLAN hopping.

Wireless network

An attacker can gain access to your organization’s internal network or passively obtain sensitive data if she successfully exploits the security of your business wireless networks.

Perform a black box and/or a white box Security Assessment of your Wi-Fi networks to verify that your wireless network devices are free of misconfigurations, that strong cryptographic algorithms and methods have been applied and a strong password policy is being followed. Identify any vulnerabilities and threats to your wireless network infrastructure.

Conducting a site survey, a wireless infrastructure mapping, a signal leakage testing, a rogue devices discovery, physical device inspections, and other wireless protocol tests will ensure you that all international security best-practices have been followed.

Cloud Services

A penetration test on the cloud computing environment, technically, does not differ that much from any other penetration test. Perform a simulated cyber-attack against your systems (IaaS, PaaS, SaaS) hosted on a Cloud provider such as Amazon’s AWS or Microsoft’s Azure.

Map the attack surface that your systems are exposed to and identify any security misconfigurations, weaknesses and security threats of your system, so that its security posture can be accurately assessed.

Security Assessment Approaches

The security consultant accesses the network from the inside.

Administrative level credentials will be provided to perform in-depth and PCI-DSS compliant authenticated security tests and vulnerability scans at the systems in scope.

The security consultant accesses the network from the outside as any other end-user. A wide variety of real-world attacks and tests are being simulated to provide an assessment of the vulnerabilities and the threats of your systems in scope.

 

Beyond a list of the systems in scope, no further information regarding the underlying infrastructure or the application structure is provided to the security consultant.

The security consultant accesses the network from the outside as any other end-user. However, a general architecture of the infrastructure and/or the application is provided as well ass a point of contact in the development team.

 

Then, whenever a new control is encountered, they may ask the client contact point of explanations of how this is implemented in order to execute only targeted tests.

Security Assessment Methodologies

Open Source Security Testing Methodology Manual (OSSTMM)

OWASP Mobile Security Testing Guide (MSTG)

OWASP Testing Guide (OTG)

CWE Top 25

OWASP Mobile Security TOP 10

OWASP Web Security TOP 10

OWASP API Security Top 10

Information System Security Assessment Framework (ISSAF)

Penetration Testing Execution Standard (PTES)

Penetration Testing Framework

OWASP Risk Rating Methodology

OWASP ASVS Certification

OWASP MASVS Certification

OWASP OpenSamm Certification

MITRE Framework

NIST Framework

Reporting

The Penetration test report provides your organization with the needed information, methodologies followed, key data highlighting, findings, exactly how targets were compromised as well as recommendations on best practices along with complete review of remediation recommendations to make the best decision and move forward.

More than just Penetration Testing

Testing is useless unless it achieves actionable results. With Logisek you get reports written by experts that highlight key data and exactly how targets were compromised as well as recommendations on best practices along with complete review of remediation recommendations.

 

Logisek offers a complete service provided by our team of experts to ensure that vulnerabilities are minimized and that your defenses are running in top shape.

Our process:

Scope Of Work

Scoping Questionnaires, Demos | Recommendation and alignment.

Effort Determination

Budget Limitations, Client Expectations| Statement of Work Delivery.

Kick Off

Scheduling Calls, Rules of Engagement, Meet the Team| Discuss final details.

Execution

Daily/Weekend Updates | Notification of high-risk findings.

Compliance

Discover Gaps In Compliance.

Behavior

Systems, services, application flaws, configurations, or end-user behavior.

Risks

Identifying higher-risk vulnerabilities.

Weaknesses

Find Weaknesses and vulnerabilities in your web, think client, and mobile apps with manual, expert penetration testing.

Attack Simulation

Real-World Attacker Tactics and Techniques- Manual Penetration Testing.

Next Step Exploit

Discuss Exploits and next steps | Key findings Report Creation.

Final report Delivery

Executive Summary | Detailed Engineering Report.

Remediation

Validate & Confirm Findings | Provide Recommendations.

Retest

Retest vulnerabilities after remediation.

Penetration Testing Methodology

Logisek’s security penetration testing services are based on a systematic approach to vulnerability identification and reporting. Our advanced pentest methodology includes:

1. Scoping

We work with you closely to define all assets that fall within the scope of the pen test.

2. Reconnaissance and intelligence gathering

We gather publicly available information using open source techniques (OSINT) to build intelligence that could be used to compromise your organization.

3. Active scanning and vulnerability analysis

We conduct a full assessment of network infrastructure and application to obtain a complete picture of your organization's attack surface.

4. Mapping and service identification

We research and gather detailed information about target systems.

5. Business Logic Analysis

We perform an in-depth audit of applications residing on target hosts to identify security vulnerabilities to exploit.

6. Service exploitation

We attack identified vulnerabilities to gain access to target systems and data.

7. Privilege escalation

We attempt to compromise a privileged account holder, such as a network administrator.

8. Pivoting

We use compromised systems as a mechanism to attack additional assets.

9. Reporting and debrief

We provide a manually-written pentest report that includes an executive summary and recommendations about hot effectively address identified risks.

Services

Discover our other services