Penetration Testing is the process of intentionally hacking and attacking your own network, web applications and organization, for the purpose of checking how secure your assets really are. Attackers have no regard for your organization's internal policies, the trustworthiness of your employees, or the expertise of your technical staff. Only one fact matters to them: are you vulnerable?
It is in an organization's best interest, economically, and for the sake of reputation, to answer that question before the attackers do.
Are you vulnerable?
To answer this question, an organization must perform a Penetration Test, in which simulated hacking attacks are performed on its cyberspace, to determine - based on facts and results - how secure (or insecure) the organization really is.
Cyberkov performs Penetration Tests and Vulnerability Assessments in various forms, as explained below.
We perform two models of penetration tests:
Black Box Penetration Testing
A Black Box Penetration Test is a real hacking attack simulation, where Cyberkov security experts carry out their attacks like actual hackers do, without any prior or internal knowledge of the target.
Through these attacks, the Cyberkov experts try to identify and exploit any weakness in any layer (web applications, operating systems, network devices, e-mail, etc.), and attempt to pivot further into the target organization.
Cyberkov penetration tests are skill-based and depth-focused, with no reliance on automated tools and checklists. Contact Cyberkov and see your organization through the eyes of hackers.
White Box Penetration Testing
A White Box Penetration Test is a cooperative security test performed with prior knowledge of the infrastructure, its underlying logic, and access to some credentials. The technical staff of the organization provide the Cyberkov security experts with the insight & knowledge they need to thoroughly test every element of the target network, guaranteeing no systems, functionality or subnets are left untouched.
The more context our experts are provided, the more complete the final result will be.
Allow our trusted security experts to take a look at your organization from the inside and tell you how secure it is at its core.
We perform our tests in two formats:
External Penetration Testing
An External Penetration Test is performed strictly remotely, with no internal access provided to the Cyberkov security experts. The goal of this test is to simulate the majority of attacks coming from the internet.
The focus of this test is primarily the internet-facing assets of the organization, for example: web applications, web servers, network endpoints, VPN, e-mail servers. This test also helps an organization learn what information (public or private) can be gained about it from the outside.
Internal Penetration Testing
An Internal Penetration Test is performed from within the premises of the target organization, usually to simulate threats from guests entering its physical boundaries (including wireless range), an employee with malicious intent, or simply to discover the extent of damage an external hacker can do once he gains access to one of the internal machines.
An Internal Penetration Test focuses on workstations, internal applications, access controls, domains, and internal documents. This test is useful to determine what sensitive information might be stolen from the inside.
Penetration Test Steps
- Reconnaissance: Collection of information about staff, systems, applications and others.
- Mapping: Mapping of information gained through reconnaissance into a full picture, as well as development of attack scenarios.
- Discovery: Discovering security vulnerabilities and weaknesses in any layer included in the test scope.
- Exploitation: Verification of weaknesses by exploiting them to gain access and determine the full extent of possible damage, as well as pivoting further inside.
Deliverables
Upon completion of the security test, a detailed report is sent to the client, including the following:
- Executive Summary: Summary of the purpose of this test, as well as a brief explanation of the threats facing the organization from a business perspective.
- Findings: A detailed, technical explanation of the findings of the tests, with steps and proofs of the findings.
- Conclusion & Recommendations: This section provides final recommendations and summary of the issues found in the security test.