Types of Penetration testing
An assessment of on-premise and cloud network infrastructure, including firewalls, system hosts and devices such as routers and switches. Can be framed as either an internal penetration test, focusing on assets inside the corporate network, or an external penetration test, targeting internet-facing infrastructure. To scope a test, you will need to know the number of internal and external IPs to be tested, network subnet size and number of sites.
A test that specifically targets an organisation’s WLAN (wireless local area network), as well as wireless protocols including Bluetooth, ZigBee and Z-Wave. Helps to identify rogue access points, weaknesses in encryption and WPA vulnerabilities. To scope an engagement, testers will need to know the number of wireless and guest networks, locations and unique SSIDs to be assessed.
An assessment of websites and custom applications delivered over the web, looking to uncover coding, design and development flaws that could be maliciously exploited. Before approaching a testing provider, it’s important to ascertain the number of apps that need testing, as well as the number of static pages, dynamic pages and input fields to be assessed.
The testing of mobile applications on operating systems including Android and iOS to identify authentication, authorisation, data leakage and session handling issues. To scope a test, providers will need to know the operating system types and versions they’d like an app to be tested on, number of API calls and requirements for jailbreaking and root detection.
Review of network builds and configurations to identify misconfigurations across web and app servers, routers and firewalls. The number of builds, operating systems and application servers to be reviewed during testing is crucial information to help scope this type of engagement.
Social Engineering
An assessment of the ability of your systems and personnel to detect and respond to email phishing attacks. Gain precise insight into the potential risks through customised phishing, spear phishing and Business Email Compromise (BEC) attacks.
Custom cloud security assessments to help your organisation overcome shared responsibility challenges by uncovering and addressing vulnerabilities across cloud and hybrid environments that could leave critical assets exposed.
Continuous, developer-centric security assessments designed to identify and remediate security vulnerabilities throughout the entire development cycle. This agile approach helps to ensure that every product release, whether it is a minor bug fix or a major feature, has been vetted from a security perspective.
Get in touch
0436 167 158
admin@nettrace.au