PENETRATION TESTING

PENETRATION TESTING SERVICES

Naturally, an intruder won’t spend months trying to force a well-locked door, but will look for weak points and vulnerabilities in those information systems where security isn’t a priority. Seemingly minor vulnerabilities may end up in serious consequences and lead to the system being compromised. The acknowledged way to reduce such risks is to employ penetration testing. To prevent your organization from possible breaches and reinforce existing security controls against a skilled attacker, Cubex team offers penetration testing services based on a custom plan of a multistep attack that targets custom network infrastructure and applications.

When You Need Penetration Testing

We recommend to fulfill a pentest in case if:

  • Regularly scheduled analysis and assessments are required by regulatory mandates.
  • New network infrastructure or applications were added.
  • Significant upgrades or modifications to infrastructure or applications were made.
  • New office locations were established.
  • End-user policies were modified.
  • Corporate IT was significantly changed.
ETHICAL HACKING TO PREVENT A POTENTIAL INTRUSION

Cubex offers complete penetration testing designed to identify system vulnerabilities, validate existing security measures and provide a detailed remediation roadmap. Our team, equipped with the latest tools and industry-specific test scenarios, is ready to deliver a thorough checkup to pinpoint system vulnerabilities, as well as flaws in application, service and OS, loopholes in configurations, and potentially dangerous non-compliance with security policies.

Types of a penetration test we provide:

Network Services Tests

Web Application Security Test

Client-Side Security Test

Remote Access Security Test

Social Engineering Test

Physical Security Test

3 STEPS OF A PENETRATION TEST

Pre-attack phase / Planning

01

Defining the intruder model (internal or external, enabled rights and privileges). Defining goals, source data, scope of work and testing targets. Determining the scope of a target environment. Developing the testing methodology. Defining interaction and communication procedures.

Attack phase / Testing

02

Fieldwork, service identification. Custom scanning or intrusion tools are developed if needed. Vulnerabilities detection and scanning, elimination of false positives. Vulnerabilities exploit and gaining an unauthorized access. Utilization of compromised systems as a springboard for further intrusion.

Post-attack phase / Reporting

03

Result analysis and reporting with recommendations for reducing risks. Visual demonstration of the damage that can be inflicted to the system by an intruder.

Penetration testing methods we apply:

Black Box testing

We work in life-like conditions having strictly limited knowledge of your network and no information on the security policies, network structure, software and network protection used

Grey Box Testing

We examine your system having some information on your network, such as user login details, architecture diagrams or the network’s overview

White Box Testing

We identify potential points of weakness by using admin rights and access to server configuration files, database encryption principles, source code or architecture documentation

TOP