Types of Penetration Tests
External Penetration Testing is the traditional approach to security assessment.
The testing is focused on the servers, infrastructure and the underlying software comprising the target. It may be performed with no prior knowledge of the site (black box) or with full disclosure of the topology and environment (crystal box). This type of testing should typically involve a comprehensive analysis of publicly available information about the target, a network enumeration phase where target hosts are identified and analyzed, and the behavior of security devices such as screening routers and firewalls are analyzed. Vulnerabilities within the target hosts should then be identified, verified and the implications assessed.
Internal Security Assessment follows a similar methodology to external testing, but provides a more complete view of the site security.
Testing will typically be performed from a number of network access points, representing each logical and physical segment. For example, this may include tiers and DMZ's within the environment, the corporate network or partner company connections.
Application Security Assessment is designed to identify and assess threats to the organization through bespoke, proprietary applications or systems.
These applications may provide interactive access to potentially sensitive materials, for example. It is vital that they be assessed to ensure that, firstly, the application doesn't expose the underlying servers and software to attack, and secondly that a malicious user cannot access, modify or destroy data or services within the system. Even in a well-deployed and secured infrastructure, a weak application can expose the organization's crown-jewels to unacceptable risk.
Wireless/Remote Access Assessment (RAS) Security Assessment addresses the security risks associated with an increasingly mobile workforce.
Home-working, broadband always-on Internet access, 802.11 wireless networking and a plethora of emerging remote access technologies have greatly increased the exposure of companies by extended the traditional perimeter ever further. It is vital that the architecture, design and deployment of such solutions is secure and sound, to ensure the associated risks are managed effectively.
Telephony Security Assessment addresses security concerns relating to corporate voice technologies.
This includes abuse of PBX's by outsiders to route calls at the targets expense, mailbox deployment and security, voice over IP (VoIP) integration, unauthorized modem use and associated risks.
For a penetration test, please submit: