Penetration tests are the most common form of a cybersecurity solution aiming to evaluate the security of a system. They are a core aspect of building a secure and reliable infrastructure for a business of any size. While they have been widely adopted by companies who offer them as part of a service, most cybersecurity providers do not offer a comprehensive framework to address more complex security issues.
Our service is based on our expertise and is divided into two main categories in order to provide customers with a greater flexibility.
Web application penetration test
Recently, web applications are among the most frequently used forms of software who tend to be exploited using relatively simple vulnerabilities in order to gain access to private data. Even the most popular and said to be most secure applications are also the vulnerable, attackers rely on their secure reputation and develop easy and simple exploits to access a company’s cloud storage, internal executive level management information and redistribution of internal data.
Statistically, well over 80% of all publicly known exploits are due to known weaknesses in popular web applications. In many cases, vulnerabilities that result in a successful attack are completely ignored by conventional and automated testing methods. In similar cases, specific vulnerabilities are identified but incorrectly and considered inviolable due to the presence of protective technologies.
The service combines both automated and manual means of testing (the latter being carried out with priority). In order to identify the potential attack surface, a reconnaissance is performed. This phase is part of the penetration testing methodology which includes the following phases:
- Phase 1: Reconnaissance
- Phase 2: Scanning
- Phase 3: Gaining Access
- Phase 4: Privilege Escalation
Alongside the phases, the penetration testers are required to know the access method:
- Black box test
Requires zero knowledge of the company's assets. Penetration testers perform a complete reconnaissance phase to uncover the company's assets and get to pick their own path around security controls as well as executing a strategy of their own.
- Gray box test
The attacker(s) have limited knowledge and certain credentials for restricted access to the system, provided by the client. An example for a gray box test would be the case in which a client voluntarily provides access to the system and access controls from within it are being probed to verify their stability and security.
- White box test
The attacker(s) are given complete access to the source code of the system, administrative accounts as well as any other information related to the systems that are under the scope. Secure code review is performed by white-box testing, exclusively. It is the process of auditing the source code of an application to verify that the proper security controls are present, that they work as intended, and that they have been invoked in all the right places.
As part of the secure code review, the following is being taken into account when auditing the source code:
- Information storage;
- Cryptography implementation;
- Input boundaries and sanitization;
- Vulnerable built-in functions;
Network penetration test
The test analyzes the security of a network as well as probing different methods for exploitation of actives services, protocols, and devices (servers, routers, switches, access points, firewalls, IPS/IDS devices, and others). The service is divided into two categories as well:
Internal network penetration test
A commonly overlooked aspect of the generic security concept is the internal organization within the company. The general belief is that the internal network (intranet) is not accessible from external assets and is therefore not likely to be prone to an attack. Contrary to that, the weakest link in almost every cyber defense is the organization's employees. They dispose with access to internal assets and are trusted when it comes to security practices. The main reason for this is that most attacks are expected to originate from the outside. However, latest researches show that internal means of attacks are rapidly increasing and steadily gaining more popularity.
We can test the security of the local network remotely or on-site (the latter being the more commonly preferred).
External network penetration test
Contrary to the internal, the external network penetration test simulates a black box attack against a company's internet-facing infrastructure. For the purpose of the test, the penetration testers are only given a scope (typically this includes IP ranges, topologies, mind maps, and others). The test takes place remotely and does not require user interaction.
Both categories also include a web application penetration test for services running a web server. Network penetration tests represent a compact solution comprised of the following:
- Host discovery
- Fingerprinting vendor(s)
Outlining the scope
- Port scanning
- Service identification
- Service enumeration
- Ruleset review
- Automated testing
- Manual probing
- Verification of identified issues
- Testing for common vulnerabilities
- Testing for logical flaws in organizational units
- Usage of known exploits
- Usage of custom scripts or modified public exploits
- Leveraging identified vulnerabilities
Tests performed by TAD GROUP simulate a malicious targeted attack. A report is issued at the end of the penetration test in order to provide an easily comprehensible description of the findings as well as recommendations on how to mitigate the vulnerabilities.
Assessments are conducted in accordance with the recommendations outlined in NIST SP 800-115.