Security Audit
  • You are here:  
  • Home
  • Security Audit

Vulnerability Assessment & Penetration Test

The most precise method to estimate your organization’s information security stance is to examine how it stands up against an attack. Unintentional or deliberate destruction of data, hardware failure or cyber attack can happen anytime and organization needs to identify these threats by penetrating the resources. A penetration test process is an activity evaluating security measures of company information assets by simulating an attack from a malicious source. The process involves an active analyzes on system design, operational strength and weaknesses, technical flaws, vulnerabilities and poor system configuration.

 

 

 

 

 

 

 

 

Vulnerability Assessment & Penetration Test: 

Information Gathering is an information gathering techniques and tools designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) available in the target/victim websites.

Network Mapping Is the process of gathering information in order to identify and understand the internal working of systems? It is important:

  • To determine what the network looks like logically, understand the information and construct network map
  • To find out available resource and processing time
  • To identify weaknesses

Vulnerability Identification, there is no definitive list of all possible sources of these system vulnerabilities, anything can be system vulnerabilities!

  • Poor security management
  • Incorrect implementation
  • Social engineering
  • Poor design
  • Human factors
  • Operation system

Exploitation and Launching of Attacks: After the vulnerabilities are identified on the target system, it is then possible to launch the right exploits. The goal of launching exploits is to gain full access of the target system.

Reporting: After the completion of the penetration test, it is important to get user-customized reporting suites for a technical and/or management overview. This includes the executive summary, detailed recommendations to solve the identified vulnerabilities, and official security ID numbers for the vulnerabilities. 

Vulnerability Assessment 

In response to this security trend, Infinity Forensics offers a complete suite of vulnerability assessment services that enables companies to identify critical security threats that may expose their data to an unauthorized third party.  Many companies are poorly equipped to take on the task of identifying their infrastructure pain-points and therefore, find themselves at a high risk for cyber attacks and data breach.

Examples of the services provided include:

  • External Network Perimeter Vulnerability Assessment
  • Internal Network Vulnerability Assessment
  • Active Directory Reviews
  • WLAN Assessments
  • VoIP Assessments
  • OS Patch Management Assessment
  • Device Configuration Management Review
  • Source Code Review of Company Developed Applications