Tuesday, 21 November 2017

Penetration Test

A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders (who do not have an authorized means of accessing the organization's systems) and malicious insiders (who have some level of authorized access). The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.

 

QSYS offers external, independent security penetration testing services. We have a keen interest in all aspects of the IT security sector. Each member of our team is a skilled consultant who will provide an in-depth security vulnerability assessment of your systems. Our objective is to provide accurate information that helps businesses secure both their systems and applications.

 

The following main sections form the basis for penetration testing execution:

- Pre-engagement Interactions
- Intelligence Gathering
- Threat Modeling
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting

 

Why might you want a penetration test?

 

Most organisations will have a penetration test for one of the following reasons:

- Some industries and types of data are regulated and must be handled securely (like the financial sector, or credit-card data). In this case your regulator will insist on a penetration test as part of a certification process.
- You may be a product vendor (like a web developer), and your client may be regulated, and so will ask you to have a penetration test performed on their behalf.
- You may suspect (or know) that you have already been hacked, and now want to find out more about the threats to your systems, so that you can reduce the risk of another successful attack.
- You may simply think it is a good idea to be proactive, and find out about the threats to your organisation in advance.

 

What should you test?

 

The exact "what" tends to be defined by one of the situations above; however, just about anything that holds information can be tested:

- Off-the-shelf products such as servers, smartphones, firewalls and routers.
- Bespoke software development such as web sites, mobile applications and games.
- Telephone equipment such as exchanges, smartphones, VoIP and fax servers.
- Wireless systems such as Wi-Fi networks, RFID tokens and contactless cash.
- Physical protection such as CCTV, door entry systems and mechanical locks.

 


ISO 9001/IQNet Certified
Management System


Contact Info

QSYS - XE Quality Systems

Saronikou 5

Kallithea 176 73

Greece

Phone : +30 211 4099 335

info@qsys.gr
