Penetration Testing

The Security Assessments undertaken by Silensec are designed to meet and exceed the prevailing industry standards for Penetration Testing, Security Assessment and Audit. Silensec consultants are trained and experienced in the application of the latest hacking techniques and ethical hacking assessment methodologies to make sure that your company is assessed and protected to the highest possible degree.

Silensec's Security Assessment Methodologies comprise the following:

External Security Assessment

An External Security Assessment identifies security strengths and weaknesses of the client's systems and networks as they appear from outside the client's security perimeter, usually from the Internet. The goal of an External Security Assessment is to demonstrate the existence or absence of known vulnerabilities that could be exploited by an external attacker. The External Security Assessment methodology can be broken down into four main areas:

  • Passive information gathering
  • Active enumeration
  • Vulnerability identification & analysis
  • Vulnerability exploitation & escalation

Internal Security Assessment

The goal of an Internal Security Assessment is to demonstrate the existence or absence of known vulnerabilities that could be exploited by authorised internal users. Through the Internal Security Assessment it is possible to assess the risks associated with attacks originating from compromised internal hosts or from disgruntled employees. The Internal Assessment is typically performed at the organization's site and from multiple internal locations. Finally, the Internal Security Assessment identifies security weaknesses and strengths of the organization's systems and networks as they appear to internal users operating within the organization's security perimeter.

Web Application Security Assessment Methodology

The Web Application Security Assessment methodology is applied during both the External and Internal Security Assessment phases to assess the security of critical Web applications that hold and/or process business and sensitive information. The Web Application Security Assessment methodology employs specific testing techniques to find security flaws and weaknesses in Web applications that can often be exploited by remote clients on the Internet. The Silensec Web Application Security Assessment Methodology is designed as a superset of the Open Web Application Security Project (OWASP) guidelines for application security assessment.

Social Engineering Methodology

Social Engineering is the acquisition of sensitive information or inappropriate access privileges by an outsider, based upon the building of inappropriate trust relationships with insiders. Silensec’s security assessment consultants use this approach to attempt to gain confidential information, such as organisational charts, phone numbers, procedures or passwords, and to evaluate the organisation's vulnerability to social engineering attacks.

Reporting

Upon completion of the technical assessment phases, Silensec will analyse the findings and prepare a written report. This report is provided for three levels of audience:

  • Executive
  • Technical Management
  • System Administrators

The final report contains a practical overview of the security of the systems and networks assessed, associated threats and pragmatic advice on how best to mitigate any identified risks. Full technical information is also presented within the report, including step-by-step instructions for remediation of security issues and how to maintain the security of the environment.
