A Penetration Test, known as Ethical Hacking, is an authorised attempt to hack an organisation’s IT infrastructure, applications, processes and staff, with the aim of gaining access into its assets. The purpose of this test is to evaluate the security in order to determine vulnerabilities, advising on areas that are susceptible for compromise and recommend solutions to mitigate these areas of risk.
01
Information Gathering
Identify domain names, potential for information theft, firewalls, associated networks, partners and any publicly available information through DNS and search engines.
02
Port Scanning
Identify listening ports on your host to determine what services may be running that could potentially cross-checked for exploits.
03
Enumeration
Extracting information from target systems through listening services, dummy accounts or Wifi, SMTP and NetBios.
04
Vulnerability Scan
Assessing the organisations vulnerability appetite by assessing existing installed software and both the infrastructure and operating system level as well as individual user level for potential for exploits or vulnerabilities.
05
Analysis and Reporting
Data analytics of the results are provided as well as a detailed exploitation report identifying any vulnerabilities, misconfigurations or possible bugs.
Whitehat offers in-depth executive level reporting which serves as a tool for risk minimisation by management, and a technical document for the internal security team with vulnerabilities listed and prioritised by level of risk. The report also provides access to comprehensive cybersecurity strategies based on Whitehat’s key insights into enterprise security.
Testing Standards
- The Open Web Application Security Project (OWASP)
- The National Institute of Standards and Technology (NIST)
- Source Security Testing Methodology Manual (OSSTMM)
- Penetration Testing and Execution Standard (PTES)
- Penetration Testing Framework
- Australian Government Security Policies and Guidelines
Follow-up evaluation
Our post-engagement follow-up is an additional benefit that evaluates the implemented solution or allow clients to engage with us regarding risks and issues specified in our report.
Client-centric
We aim to create a positive experience for our customers. Confidentiality, availability and data integrity are the three essential elements of cyber security.
Social Engineering Scenario Testing (phishing)
Social engineering testing including simulation calling and emailing of employees to gain access to systems or attempt manipulating financial account information. “Trusted Authority” disguise, employee impersonation (IT Help Desk) testing. Frequency: 1 per year or at major change