Penetration tests of IT systems, network infrastructure, web applications and internet services are performed as simulations of a real attack.
The tester has almost no information about the target and needs to look up the information. Most likely an attack from the outside.
The tester has information about and insight into the entire structure and can exploit weaknesses available to employees. An attack similar to an "angry employee".
For example, the attacker knows the exact targets the customer wants to test. The most common type of testing. The customer defines exactly what they want to test.
The aim of a web application penetration test is to verify the actual resistance of a web application to an attack. We use automated tools and manual testing, and we perform combined attacks. The test is suitable for websites and large-scale web services applications. The tests are performed using the OWASP methodology.
In the case of an external penetration test, we simulate an attack on the customer's systems and applications from an external environment, i.e. we simulate an attack by a potential hacker attempting to penetrate from the internet. The goal is to detect any vulnerabilities that could be exploited by a potential attacker to penetrate or gain unauthorized access to the internal network. For testing, we use our own best practices supported by OSSTMM and CEH methodologies.
An internal penetration test verifies the resilience of the corporate network from the inside, i.e. attacks conducted by employees, partners or suppliers. The aim of the test is to protect against unauthorized access and possible misuse of data and sensitive information by users on the internal network. For testing, we use our own best practices supported by OSSTMM and CEH methodologies.
Wireless LAN scanning – wireless networks typically extend beyond the organization's building, allowing a potential attacker to penetrate the corporate network and systems through unauthorized access to the Wi-Fi network. Wi-Fi network tests include verification of availability (signal coverage, interference), unauthorized access to the Wi-Fi network, interception of communications, detection of unauthorized wireless access points.
Examination of employee behavior and reactions to attempts to obtain sensitive data and information through fraudulent e-mail or telephone campaigns, etc. The aim is to reveal the level of security awareness, compliance with the internal regulations and resistance to threats using methods of manipulation in direct and indirect communication.
Schedule a consultation with us for your ICT projects.
Call:
+420 225 103 103Write:
obchod@complus.cz