PENETRATION TESTING & AUDITING
PREPARE FOR POSSIBLE THREATS AND ELIMINATE RISKS PROACTIVELY
PENETRATION TESTING
The key benefit of penetration testing is that an organization can identify their weaknesses so they can be removed or be better prepared. Penetration testing can include both a physical element and a cyber element.
PHYSICAL TESTING
In a physical penetration test, we simulate breaching a target location. The target can be for example an office building or warehouse. The objective is to find out if unauthorized access is possible without being noticed or stopped.
The goal of a physical penetration test is to identify current weaknesses in physical security and outline the methods an attacker could use to gain access to the organization.
CYBER TESTING
Cyber testing aims to find out if an attacker can gain access to the network infrastructure of the organization. We use several methods to find out what a potential attacker could do to breach your defenses and gain access to your organization. These methods can include, for example:
- Social Engineering
- O365 Phishing
- Malware implants delivered by e-mail
- Possible stolen or leaked credentials
OPEN SOURCE INTELLIGENCE
Open Source Intelligence is data about the organization that can be found from publicly accessible sources. This data can be used to attack the target organization.
The data can include for example:
- Leaked credentials
- Information about the organization’s servers and addresses
- Data related to key personnel in the organization
- Files related to the organization, such as: documents, emails, credentials etc.
- Other files that can contain sensitive information
WEB APPLICATION TESTING
In a web application penetration test, we look for vulnerabilities and weaknesses in the web application, that enable the manipulation of the application or it's data in one way or another. The target of the penetration test can be any website like for example an online store or an ERP system.
RED TEAMING
Red Teaming is similar to penetration testing, with the key difference being that Red teaming is done continuously over a longer period of time. This enables the organization to gain continuous insights into the state of their security. With Red Teaming you can find out for example, if vulnerabilities appear in the services and software on your systems.
scada-AUDITING
Auditing includes an extensive investigation, to make sure that a software or device operates as stated by the manufacturer and it does not contain anything extra. We also make sure that the device or software does not have vulnerabilities or other risks. The benefit of auditing is to identify risks and vulnerabilities before they can be taken advantage of.
Software auditing
We assess the security of the software and make sure it does not contain vulnerabilities or other risks that can be taken advantage of.
Device auditing
We examine the device and its software to find out if the data on the device can be accessed by an attacker or if the device endangers the privacy of users or endangers the security of it’s operating environment.
