The Penetration Testing service is a (authorized) simulation of cyber-attack on Domains, information systems, networks and applications of a Company with the aim of exploiting them (gaining access and / or expelling data) to detect and prove an existing frailties.
Types of attacks included in a Penetration Testing are:
- SQL Injections, XSS and other code injection related attacks,
- Privilege Escalations due to faulty user authentication mechanisms, inaccuracies in settings or weaknesses of operating systems & applications,
- Software weaknesses in use (CVEs / exploits),
- Weaknesses of protocols,
- Weaknesses of Networks / network equipment (possibility of MITM attacks, Spoofing, Replay attacks etc.)
- Wireless access point exploitation (e.g. Rogue AP etc.)
- Password attacks (Brute force, dictionary attacks), etc.
The Service is implemented by a specialized consultant of our Company using the Forensics & Penetration Testing Platform "Kali Linux".
With the implementation of the service, a detailed technical Report with Proof-of-Concept (screenshots, commands, code) is delivered per finding & suggestions regarding dealing with weaknesses and Security Hardening.