Vulnerability Assessment and Penetration Test
This assessment is designed to identify, quantify and prioritize vulnerabilities of a web application by validating and verifying the effectiveness of the application’s security controls.
- Web Portal (CMS, custom website, etc.)
- CRM, ERP, TTS
The network pen-test provides suggestions to better protect sensitive data and prevent take-over of systems by identifying real-world opportunities to compromise systems and networks.
- Public Subnet
- Private Subnet (LAN, DMZ, etc.)
In this assignment, there is no internal knowledge of the target system. Testers are not provided with any architecture diagrams or source code that is not publicly available. A black-box penetration test determines the vulnerabilities in a system that are exploitable from outside the network.
A grey-box test is performed with the access and knowledge level of a user, potentially with elevated privileges on a system. Grey-box pen-testers typically have some knowledge of a network’s internals, potentially including design and architecture documentation as well as an account internal to the network.
During a white-box test, pen-testers are given full access to source code, architecture documentation and so forth. The main challenge with white-box testing is sifting through the massive amount of data available to identify potential points of weakness.
HOW DOES IT WORK?
- Definition of activities and scope
- Definition of the rules of engagement
- Project execution
- OWASP (Open Web Application Security Project)
- OSSTMM (Open Source Security Testing Methodology Manual)
- CVSS3 (Common Vulnerability Scoring System Version 3.0)