What is a Penetration Test?

A Penetration Test (also known as Ethical Hacking) is an authorized hacking attempt targeting an organization’s IT infrastructure, applications and staff, with the aim of gaining access into its assets. The purpose of this test is to harden security defenses by eliminating vulnerabilities and advising on areas that are susceptible for compromise. This testing can be done static or dynamic depending on nature of the environment. Security Solution Consultants provide you services during the product development as well so any security vulnerabilities can be addressed during the development phase instead of production phase.

The testing process is layered, and performed in four stages:
Gathering Information about targets (reconnaissance/Foot Printing)
Identifying and prioritizing vulnerabilities
Exploiting identified vulnerabilities to determine risk level
Providing executive level reporting and actionable remediation strategies
Our Services

1) Network Penetration Testing
2) Application Penetration Testing
3) Website Penetration Testing
4) Physical Penetration Testing
5) Firewall Configuration Reviews
6) Social Engineering

1) Network Penetration testing

Internal or External
Black box, White box, Gray box
Perimeter Infrastructure
Wireless, WEP/WPA cracking
Cloud Penetration Testing
Telephony systems / VoIP
Vulnerability scanning
PCI DSS Scanning

2) Application Penetration Testing

Web applications — asp.NET, PHP, Java, XML, APIs, web
Custom apps – CRM systems, SAP, logistics, finance and sales order systems
Mobile applications – Android, IOS
Industrial control systems – SCADA
Databases – SQL, MySQL, Oracle

3) Website Penetration testing

Website Pen Testing (Web App Security Testing)
SQL injection and Cross-site scripting vulnerability
Server configuration problems

4) Physical Penetration Testing

Lock-picking, impersonation, bypassing other
Physical security measures:
Sales premises and head offices
Warehouses and storage facilities
Data centres
Bug sweeping
CCTV systems
Door entry systems
Incident response