Whitebox & Blackbox
Ever wonder how 'safe' your network is from attackers? Penetration tests provide a look at your network from the perspective of a hacker. Your internet presence will be assessed and your websites will be tested against common (and uncommon) tools, methods and exploits. The tests can be as preformed as either a 'whitebox' test, where specific system details are revealed ahead of time, or a 'blackbox' test where little to nothing is known about the target.
Each one has it's advantages & disadvantages:
Whitebox Testing Advantages
- Knowing the system we are testing ahead of time maximizes the usefulness of the testing.
- More through testing can be preformed (less time foot-printing/scanning/mapping/etc).
- Useful if you only want to target specific aspects or sections of your infrastructure.
Whitebox Testing Disadvantages
- This type of testing does not accurately portray an outside attack.
- Will typically only test a certain section and not your entire web presence.
Blackbox testing Advantages
- More accurately portrays a network attack.
- Able to get a better understanding of what parts of your network an actual 'hacker' would see.
Blackbox Testing Disadvantages
- Testing will consume more time.
- Some areas of your network may not be tested due to time constraints.
As every company is different, there is not a 'one size fits all' solution. Taking into consideration what works best for your requirements, budget and time frame we can usually suggest a Whitebox test, Blackbox test or combination of both.
Web Application Testing
Have a web application that has been getting spammed recently? Hidden advertisements for pharmaceuticals got you down? Or maybe you just want to know if you are at risk of being hacked? Whatever the reason is, we can specifically target your web app and produce a full detailed report of how secure it is (or isn't!) from an outside attacker. You'd be surprised at what we will find ... we won't.
Internal Networks are assumed to be 'trusted'. Since they often reside inside the protections of the network, they are thought to be some of the most secure environments. However this is rarely the case, as data is typically not encrypted and sensitive information is commonly found on servers forgotten long ago. With our Internal Network testing package, we can be on site (or through a secure VPN) testing the controls of your internal network. This perspective would give you an overview of what a regular or disgruntled employee/vendor/consultant would see if they were to plug into your internal environment.
Public Facing Network
Your internet presence is your reputation. Testing your public facing network will enable you to see how much information about your company is really out there. Websites, Directory Listings, Social media and even legal documents can leak sensitive information about your company that could be used in an attack against you. We all know damages to a company's reputation can result in a loss of consumer confidence, the loss of investors or even worse, profits! Help control the fire hose of information that is the Internet with our Public Facing Network test!
Wireless networks provide connectivity to numerous devices, convenience to users and freedom from a rat's nest of cabling. Unfortunately they can also provide a way into your network from the outside. Misconfiguration, outdated software and even rouge access points can very easily circumvent the expensive firewalls and network protections you put in place. Our Wireless Network Penetration Testing package will scan for wireless networks, unauthorized access points and assess the security of your existing ones. Just because you can't see it, doesn't mean it isn't there.
Social Engineering is the art of gaining confidential information simply by asking for it. Phishing is the art of masquerading as a trusted entity to gain confidential information. Sure it may be considered rude, immoral or unethical but the bad guys don't care about that. Social Engineering & Phishing are present in some of the most high profile attacks in the news. Educating users is your best defense against it. We can use Social Engineering & Phishing techniques to glisten information from your company and then help you put together a program to protect against it in the future.
All the firewalls in the world won't protect you from someone physically stealing a server. Along with digital security controls, physical security controls are just as important. During a Physical Security Penetration Test we will assess the physical security controls you have in place and offer ways to help improve them.