Penetration Testing
 


Definition

A full-scale security assessment is a means to analyze and document vulnerabilities in your systems that may allow an attacker unauthorized access or permit an employee to sabotage them.

Methodology

  1. We begin by searching public domains for information about the company - websites, newsgroups, mailing lists, etc. We scan DNS records, information, and directory listings for all publicly available information.
  2. Next we baseline the entire system to determine topology, the hardware and software components of all network elements, and servers with regard to vendors and versions. This is followed by identification and exploitation of documented and undocumented vulnerabilities. This also includes application-level testing, which is a very critical part that is often ignored during routine tests.
  3. Then we examine and check authentication and access control mechanisms. We check access permissions for all levels of employees to all network elements and resources.
  4. We assume levels of knowledge and expertise for all levels of potential attackers: from a novice script kiddie to an experienced and determined hacker, or someone with inside knowledge of the company's networks.
  5. Unlike other companies, we do not stop at running port scanners and vulnerability assessment tools. We go all the way, manually testing application-level vulnerabilities, and we will actually exploit existing vulnerabilities to demonstrate the actual impact of a hacker attack. Our past work of finding vulnerabilities in mission-critical software shows that we are way ahead of the competition when it comes to vulnerability assessments.

Vulnerabilities

Some of the security vulnerabilities that we will test for:

  • Buffer Overflows
  • Format String bugs
  • SQL Injection
  • Cross-Site Scripting
  • Information Disclosure
  • Path Disclosure
  • Directory Traversal
  • Session Management Vulnerabilities
  • Weak Encryption Algorithms/Protocols
  • Authentication bugs
  • Authorization bugs
  • Web Server Vulnerabilities
  • Operating System Vulnerabilities
  • Application-specific Vulnerabilities, such as for Microsoft Exchange, OWA, etc.

Deliverables

Mail us for a sample Penetration Testing report.
The report details the following:

  1. Details of vulnerabilities that have been discovered, ranked by severity
  2. Countermeasures to overcome these vulnerabilities
  3. Suggestions of long-term measures for securing systems

Why Titanium?

With our vast experience in security assessments, there is no combination of systems and platforms that our team cannot test for. With a client list that includes some of the top banks, government organizations, e-commerce companies, and other corporate clients, we have established a reputation for meticulousness, commitment and a strong sense of professional ethics.


 