What is a penetration test?

A penetration test, also known as ethical hacking, is an authorised attempt to compromise an organisation's IT infrastructure, applications, processes and staff, with the aim of gaining access to its assets in the same way a real attacker would. The purpose of the test is to evaluate the organisation's security posture: to identify vulnerabilities, to advise on the areas most susceptible to compromise, and to recommend solutions that mitigate those areas of risk. Every engagement is carried out under a written scope and authorisation agreed with the client before testing begins.

Scope of Services

Web Application Penetration Testing

Identify existing or potential vulnerabilities at both the application layer and the supporting infrastructure, in accordance with the PTES (Penetration Testing Execution Standard) and the OSSTMM (Open Source Security Testing Methodology Manual). All assessments include an OWASP best-practice source code review, an internal review of access privileges, and external testing of public-facing IPs and servers.
Frequency: once per year, or after any major change.

Mobile Application Penetration Testing

Identify existing or potential vulnerabilities in mobile applications, assessed against Android and iOS platform security standards. Includes an OWASP best-practice source code review, an internal review of access privileges, and external testing of the public-facing IPs and servers (back-end APIs) the application relies on. Where applicable, user accounts are tested for privilege escalation vulnerabilities.
Frequency: once per year, or after any major change.

Network Layer Penetration Testing

External perimeter security assessment and audit: subnet analysis, open port scanning and attack surface assessment. Firewall configuration review, testing of public-facing IPs, and assessment of infrastructure resiliency, i.e. servers, cloud storage, AWS and Azure configuration, DDoS protection, load testing, etc.
Frequency: once per year, or after any major change.

Physical Security Penetration Testing

Identify existing or potential vulnerabilities in physical access controls by attempting to bypass existing security restrictions, including RFID badge cloning and spoofing, lift (elevator) access manipulation, biometric controls and HVAC or plant-room access. Infiltration attempts include USB payload drops, unlocked workstations and unsecured device docking stations.
Frequency: once per year, or after any major change.

Wireless Penetration Testing

Testing of wireless access point configuration against external attack, including known WPA2 weaknesses such as KRACK. Review of the internal network controls reachable from the wireless network: segmentation and separation, VPNs, privileged access management, and exposure of sensitive data.
Frequency: once per year, or after any major change.

Social Engineering Scenario Testing (phishing)

Social engineering testing, including simulated phone calls (vishing) and emails (phishing) to employees, attempting to gain access to systems or to manipulate financial account details. Scenarios include "trusted authority" pretexts and employee impersonation (for example, the IT help desk).
Frequency: once per year, or after any major change.
